vidar

General

Target

1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d.exe
Size

4.1MB
Sample

240927-bf23xsxcpq
MD5

4f3ddd6692d604ecf2bd37d93d0f2387
SHA1

78a00b190d88eaf514b5bf2af754681795de9e44
SHA256

1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
SHA512

2e1720baf9ad49781d224ac23ebe25aae6073465e7e962bde9759941373ec0109176be8d7a1693b0196b6ac1912d84b96422b2758e2e3143dec76de1154f4153
SSDEEP

98304:9BkNhx7tr/K0pB+km2inP8I0zJDd0TfuBUR8/Rg:9BkNVbiP8fDd0yBUy/q

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11

Botnet

8804a4f27e22750a8baa49e881ddca35

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d.exe
- Size
  
  4.1MB
- MD5
  
  4f3ddd6692d604ecf2bd37d93d0f2387
- SHA1
  
  78a00b190d88eaf514b5bf2af754681795de9e44
- SHA256
  
  1d50b6e42d9edb6d7ee41781f32972349ecc4ec2eaaef4692e994c858fb8551d
- SHA512
  
  2e1720baf9ad49781d224ac23ebe25aae6073465e7e962bde9759941373ec0109176be8d7a1693b0196b6ac1912d84b96422b2758e2e3143dec76de1154f4153
- SSDEEP
  
  98304:9BkNhx7tr/K0pB+km2inP8I0zJDd0TfuBUR8/Rg:9BkNVbiP8fDd0yBUy/q
Score

10^/10

vidar 8804a4f27e22750a8baa49e881ddca35 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  OrganisationEstates/Innovative
- Size
  
  96KB
- MD5
  
  e1a9c4a5a6d13e85dad6cd2b38aa6f89
- SHA1
  
  dfb507e4c1f636c6dd1f4e5c0758a417a6552346
- SHA256
  
  285b0808ef9df43736f0c85c276e0e8415c7fad3c5f4b0bc2d25377ecbd1ffef
- SHA512
  
  a524bcd6ba32ab3d7040254b9f341c5fe30e64c606300aab1cc5b0c1604647e09b20f1b344d63c32a4e2a022786e8cbc1e34e9538a1cac62bea58c69c11a0696
- SSDEEP
  
  1536:r1iEGFARVwMdOVdeV9YYHYvdO+hNHUnB3x10rHbn3YzUqvngafxwI+7UVz1:r6ARVRV9YY4v1KnBLKn3wUqvBZtz1
Score

3^/10

execution
behavioral3 behavioral4