vidar

Sharing

Copy URL

Twitter E-mail

General

Target

b.zip
Size

42.9MB
Sample

240930-axw3kasenb
MD5

8289ee3fbd2e550280a69d6f311fbe8f
SHA1

515a6ed8a22cb425a85cb9b5886e7e426d625433
SHA256

b4bfba362d1d68de5176add660027807c782d16aaa5ba899a53d900296041fd5
SHA512

216ca13063210e7f0945c328e68fcfc75d3eb182c2a892799796272100acc576cee4bb356ae189c8ce0741cb0d85e98350b255cec8105fe899b2e38b5067d5a6
SSDEEP

786432:WXNBmtmUJUcGRdzVV6YnSFdWDxkjvyVzRBUPtFADd0QX6pytIgmSHvifm2Fpc960:WXN8tKc8zVVUsxwvyiPtFI4pytIVSKNY

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

Botnet

da1105e7cee8ade4acd1a4dc0b47dbbe

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  #Uc800#Uc791#Uad8c #Uce68#Ud574#Uc5d0 #Ub300#Ud55c #Uc99d#Uac70 #Ubc0f #Uc790#Ub8cc - #Uc2a4#Ud0c0#Uc27d #Uc5d4#Ud130#Ud14c#Uc778#Uba3c#Ud2b8.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  W2
- Size
  
  36.1MB
- MD5
  
  2711a1512a4b86f0745885506d603397
- SHA1
  
  31d665fe7bca6509824ed12904af18494490e27a
- SHA256
  
  418f7a063559b628c394b4d3d47148e1226697c55fe5d478706ef96d122a9961
- SHA512
  
  ea465376e333c0c4a481d9937256bc70051bdba5786a09798fec169cb281b01e566f04ab1fd2438462ca10e3dd5ee71c7b4fd8789661c31ed877ebc4dc4d9361
- SSDEEP
  
  786432:94rbnl4Qbn+40bny4Rbn04ubng4dbnB4sbnn4rbnh4nbnH4a:94/l4G+4ay4d048g4pB4Cn4/h4bH4a
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  msimg32.dll
- Size
  
  3.9MB
- MD5
  
  5ffd78650614bc118ea029b086dffb3e
- SHA1
  
  d552cfbc15052f609e23a9613866d5462a4318a3
- SHA256
  
  c8bdff3366a5e82f090d54dee45a507c53caf619ab5285efccb0d5c69041b381
- SHA512
  
  451f97fceb1127a37f064d86584ce0a81d47fcac3c4dd64eca3cf60a50437b29e1a6a7de5513f3dff72a96bfcf2a5f548751470b80c7ad34ada07fd0f43f864d
- SSDEEP
  
  49152:Ptw8A/gVIBl8X3t6evYC/2NESehSE3TQaC+1RDYBylTTt4eri:xwA/SNVwSE30ajvI6TpE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8