vidar

General

Target

b.zip
Size

42.9MB
Sample

240929-s9c5bstdmh
MD5

8289ee3fbd2e550280a69d6f311fbe8f
SHA1

515a6ed8a22cb425a85cb9b5886e7e426d625433
SHA256

b4bfba362d1d68de5176add660027807c782d16aaa5ba899a53d900296041fd5
SHA512

216ca13063210e7f0945c328e68fcfc75d3eb182c2a892799796272100acc576cee4bb356ae189c8ce0741cb0d85e98350b255cec8105fe899b2e38b5067d5a6
SSDEEP

786432:WXNBmtmUJUcGRdzVV6YnSFdWDxkjvyVzRBUPtFADd0QX6pytIgmSHvifm2Fpc960:WXN8tKc8zVVUsxwvyiPtFI4pytIVSKNY

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11

Botnet

da1105e7cee8ade4acd1a4dc0b47dbbe

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  #Uc800#Uc791#Uad8c #Uce68#Ud574#Uc5d0 #Ub300#Ud55c #Uc99d#Uac70 #Ubc0f #Uc790#Ub8cc - #Uc2a4#Ud0c0#Uc27d #Uc5d4#Ud130#Ud14c#Uc778#Uba3c#Ud2b8.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4