vidar | b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42
Size

594KB
Sample

241010-cag18stgrh
MD5

f275736a38a6b90825076e8d786ad5c5
SHA1

c0d862ceab728736580f043316cdc099b2ab8924
SHA256

b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42
SHA512

b6662ee0426b45c5629808718613a687808deeaca692bb00d26ac5c9098b8a36a126ef80eca470db085aa5a84e38a9ee088a165cea821bf1226055a4fd842711
SSDEEP

12288:Z23Df42FsPVesttHjpBKBmtvoYTjapYQIhtud8FpowFgXRo:Sz4xDTHt/tgYTjJQ0pXowWXR

Score

10^/10

vidar 2ee1445fc63bc20d0e7966867b13e0e1 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42.exe

Resource

win7-20240903-en

vidar 2ee1445fc63bc20d0e7966867b13e0e1 credential_access discovery spyware stealer

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42.exe

Resource

win10-20240404-en

vidar 2ee1445fc63bc20d0e7966867b13e0e1 credential_access discovery spyware stealer

windows10-1703-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

2ee1445fc63bc20d0e7966867b13e0e1

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42
- Size
  
  594KB
- MD5
  
  f275736a38a6b90825076e8d786ad5c5
- SHA1
  
  c0d862ceab728736580f043316cdc099b2ab8924
- SHA256
  
  b48eeab60494eb44d8d5ef10a87fd46ad1aa33fdcf7245efb636f69f2fd55f42
- SHA512
  
  b6662ee0426b45c5629808718613a687808deeaca692bb00d26ac5c9098b8a36a126ef80eca470db085aa5a84e38a9ee088a165cea821bf1226055a4fd842711
- SSDEEP
  
  12288:Z23Df42FsPVesttHjpBKBmtvoYTjapYQIhtud8FpowFgXRo:Sz4xDTHt/tgYTjJQ0pXowWXR
Score

10^/10

vidar 2ee1445fc63bc20d0e7966867b13e0e1 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar2ee1445fc63bc20d0e7966867b13e0e1credential_accessdiscoveryspywarestealer

behavioral2

vidar2ee1445fc63bc20d0e7966867b13e0e1credential_accessdiscoveryspywarestealer

© 2018-2024

Terms | Privacy