vidar

Sharing

Copy URL

Twitter E-mail

General

Target

TradingView_PRO.rar
Size

6.8MB
Sample

241011-my22estdlm
MD5

c4e366fb7c1875db195b6665d170f16f
SHA1

8d88e33867fa7af02d1fb62a9e698676461e2846
SHA256

e9c35b32ff5f1637e1057d36a26c622dde0744d5004cd55ddf43800196f92e04
SHA512

e229546b1b3b7f845024d5669b60d3a2528f5125273f53aa60ee02a291dc0118eb710e570f27b9502477138311a9d8fc08f21e6673f98d40ad9f98d7ed215dd0
SSDEEP

196608:E71OrLjmS48jWd0ppe14PBgaGAkYDACKbWSx9:UOnSbOpp44PBgaGATGl

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

91ee094dd9ffff7505d0f982e8e1ca3f

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  TradingView_PRO.rar
- Size
  
  6.8MB
- MD5
  
  c4e366fb7c1875db195b6665d170f16f
- SHA1
  
  8d88e33867fa7af02d1fb62a9e698676461e2846
- SHA256
  
  e9c35b32ff5f1637e1057d36a26c622dde0744d5004cd55ddf43800196f92e04
- SHA512
  
  e229546b1b3b7f845024d5669b60d3a2528f5125273f53aa60ee02a291dc0118eb710e570f27b9502477138311a9d8fc08f21e6673f98d40ad9f98d7ed215dd0
- SSDEEP
  
  196608:E71OrLjmS48jWd0ppe14PBgaGAkYDACKbWSx9:UOnSbOpp44PBgaGATGl
Score

1^/10
behavioral1
- Target
  
  Soft.exe
- Size
  
  11.6MB
- MD5
  
  e07f44a87703de090d1eb0dccd846553
- SHA1
  
  7905082ab227b83cf2ae74617828ad363d0ec8d6
- SHA256
  
  11c38e3bd3e0cd2b4f783efe5bd007e0ffe28162c5e343509028719a437810d8
- SHA512
  
  0c859e2c52cc3e0ceeaf6fefe7d7c4f5bec3dc9822207c841ce96501364e987e1a2aaa828cbb2840e8c61ee002dd631355969e11ff7fef678d132819046ee1f4
- SSDEEP
  
  49152:f6CsLrzgdhBxDv9nWzUQBzD5I574hzdHmjh7ezq5DZ6rUSpSUDmPsCGd/5Nj11lm:bs/zgdtDBEUuH8VxnSNf+SOSkln
Score

10^/10

vidar 91ee094dd9ffff7505d0f982e8e1ca3f credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  dll/EntityFramework.SqlServer.dll
- Size
  
  577KB
- MD5
  
  af1646b1c2227ab206d855bd068535cf
- SHA1
  
  3cd982ad2fb00a50151d7f416e4b05f79528496e
- SHA256
  
  a960dd4d2f0f37b3c09ffb9567c32426b8791310d7eb935c04c819c3d46bd49e
- SHA512
  
  04eb6b5ec3a1655ae2fc661f6f9053f7743a2c624c4e8b0e1e6660fcb135a847adda27919ae8f38987e370e0114bd5ce45e01f1c894019a864a22cae3d24af0a
- SSDEEP
  
  6144:EcK9UcUZV25QiE0U0CxzB6zHK1HHYkIfPQG2puGeqVmjaVmnS4bfu65+:fcuV200veIJu65
Score

1^/10
behavioral3
- Target
  
  dll/FeedbackCommon.dll
- Size
  
  307KB
- MD5
  
  9a6a4c9dec73c5a28ed4c7f7cc3e0c3e
- SHA1
  
  84f547be9b4b6112a5b8ada27b72f6609c4c566d
- SHA256
  
  fe9bb227f2faef7d6b4fd00c823ef584b93c40aba9d82ecb0d970910e99679ce
- SHA512
  
  bb84611f93f947b65b839ab859d79b4f6994348ebf68f735b2c30bd58a686e2c5e127a074a027f3f5afc5c536fc40dcad43af5e302cb409e0c6248fa1bbce82d
- SSDEEP
  
  6144:VqN+kNEbSraPv82L1I9kure9z/5XI2Q1DnopldLy+L:y6bSmPvJgczR5Q1Kyq
Score

1^/10
behavioral4
- Target
  
  dll/FileReport.dll
- Size
  
  105KB
- MD5
  
  a0a885bd902a59309bbe4d7d08afada1
- SHA1
  
  0c11373f753c74e732f8a1efa433831298728697
- SHA256
  
  7b5db936d7af2bb3bbfd6b44310f44806c21391a52a41e365acef4db9a18c8f0
- SHA512
  
  6f7d1c55df83ca0b07411ba02518afb24cb16b2cb7b33f06690ac459e7839fad58e4c4d6668e5074f43d684f52d1d41a733c1000a1889e6410c3bcffa526bcf3
- SSDEEP
  
  1536:1556cODOs2gM15o/bKM+Jsf7Vg7kQqO2ypykKZqrzt5zSs/I6Sv7HxgN6W:1ifOse15aOJsf2+yjKorzt5zHAvv6N6W
Score

1^/10
behavioral5
- Target
  
  dll/SQLite.Interop.dll
- Size
  
  1.2MB
- MD5
  
  eaebd32500264123ef3f2a4cd2aee629
- SHA1
  
  ee7976940c545759bbb0a0047f0fa6cd970c30f5
- SHA256
  
  a7f95a7eed84db9cf419c03a7c05231fdedf3a042fd10259e6938eedbda3a1ac
- SHA512
  
  fcfdf839d7bfa920483314e3e3ab0b0c83669883a6c5c7abd5966fd7ca14940bb07dab219dc22031941e4155b2f4fc7bd8fb76c639b191dce052df7f537da62b
- SSDEEP
  
  24576:RKE4r0RaYdKYR7KtLqUmZRDiJC7Z2CQiQYZh5YAIQLs:8hr0RZ5RGtA0KpcYZ8tEs
Score

3^/10

discovery
behavioral6
- Target
  
  dll/iTunesRepairCLR.dll
- Size
  
  251KB
- MD5
  
  91156eecd5a86a359116c590d27466c8
- SHA1
  
  695dcce166e4782c485f3e8e56c08873e0bd4504
- SHA256
  
  51ca7821ff22ae13d1216a72b9ed0137fb03c1c26a220999a07e11cf5c506ede
- SHA512
  
  c71c62e4c7e0d4a8666a6aa5c99aa135d7e40824621026c2be6f2af41dff4b57cf1e64da8c0a6824454e2334bdc2affedadc952f07e27217dfee5b21d855474b
- SSDEEP
  
  6144:vh7eqYdp7zSC1gz1quJimyHBeEZkOFIbvwcbTpO/0hRvrqSD/YHgCn0Ln:vh87zSYgz1quJimoBeEZkOFIbvdpHvDH
Score

1^/10
behavioral7
- Target
  
  dll/iTunesRepairCommon.dll
- Size
  
  418KB
- MD5
  
  f06de1bc253f3cc89aad496291aa3a7f
- SHA1
  
  96eec4a7c9ee6ca75dbd728d35d819115e4496c6
- SHA256
  
  cefba3a426a57e4720307dd5990322162791f9ea444c9dad432d7cb7c2feb294
- SHA512
  
  bcd43b508d79026f5489beb6ae052ca3e6f75e6dd418f816b4d2e638878628a78c91791eef83afee95a98274a5c660f5eb7939903f4d7d7d0de33887122f3717
- SSDEEP
  
  6144:nrlNsxq6bOyE5uaqAKMCEhrcIzccMPktA/K8DC8KXgNNExOfm4dddxdddoVuwLND:nrsxR3MqD/XK86g5YNXz
Score

1^/10
behavioral8
- Target
  
  dll/libcurl.dll
- Size
  
  542KB
- MD5
  
  07ac3e92e0ffd0b5b12f7ade2c310419
- SHA1
  
  7d54530f6641f7ae3b597a3f26139a40bcf5ce9b
- SHA256
  
  401e9665ccaead776d966b9064e8fb1b51d6cf22b3b134e1515b750714fd6b98
- SHA512
  
  149154a2d0d360475d6d78738f608a6d22f29605c126e7bddcee365d40a410ef0739feb5c17a1af32899543a34519d2183242968640e29df0e03346e6847c882
- SSDEEP
  
  12288:jA3uJu2rBBXQ5qNf8I+UkCVmDnw0NIjU6y+n/U7N:jA3uJrBXQ5qNNfkK8nw0ijxpUR
Score

1^/10
behavioral9
- Target
  
  dll/libdispatch.dll
- Size
  
  108KB
- MD5
  
  2139af75442b468ad2a3b3c755a4da53
- SHA1
  
  5f265b913bb8dc8eca773f57e38338a8829e84e5
- SHA256
  
  459150bc518575cbd702c7e7f8df01d6e551d42354bd791bf75dfb1763afb622
- SHA512
  
  87dfa3bb19a3f5912a809dd99ae38fcd8326302a0a93e3249b690996e5573216f719fcdd5c647baf67b72c4e971f42b33e155def6b0ce228bf8fb451bfb7debe
- SSDEEP
  
  3072:UljbozJ/JwMCDADZ4TMiI1LfxeNRVGNa3x1B:gbEh7CDAWMiZwY
Score

1^/10
behavioral10
- Target
  
  dll/libicuin.dll
- Size
  
  2.4MB
- MD5
  
  78c64b3156f8e070ccab351a96aab1e7
- SHA1
  
  3383fc6cae65078b7be1681852837beda102dfac
- SHA256
  
  25694350aea200b742dabc08576728856b3a4ebe479661737f14213323655ff5
- SHA512
  
  1d20baf31fab11150b9507078723393a81abb2515bbde31fb36c41b1f576b7a603eec42c645f4efffc0bf7faec3833fd88d5c40b66c90b3f0c7619479319762a
- SSDEEP
  
  24576:/QFxbR+M8IY5d0FQqv0bcSPcj4eA/bcnU92xkAfQORBAZm9TsTpdX:4z1iIY5d0F8bHjd4ny2AZm9yHX
Score

1^/10
behavioral11
- Target
  
  dll/libicuuc.dll
- Size
  
  1.5MB
- MD5
  
  e4a7d8761e5b4d78370b4b530c904bff
- SHA1
  
  fa26af028d250cfb5d199674cdf7f2e4b2ae70a7
- SHA256
  
  df4a1e45fb00ef3eb58d9eccf3b87ff064206f29906119a8d58316dc73854d59
- SHA512
  
  7089a0f7e5799f9c923b32a39295ab4e2b0c2567f0e7f41d6bce395856c7b8f3cc77d4ad32dd3287158f805d34184cef8477b64285522be5dbd4984cd9e92bb8
- SSDEEP
  
  24576:8mOiW6DF68nc6aUI58Oj7Uc585mXPjpTpW7MY5:XOwF68nEjRjYiXX8n5
Score

1^/10
behavioral12
- Target
  
  dll/libssl-1_1-x64.dll
- Size
  
  676KB
- MD5
  
  68fda88259572d37d733b6a4c6449ce3
- SHA1
  
  cb6af4c75e5948dd2f84a8e6ed40066497225293
- SHA256
  
  57eb8e72bbad676b997fb9616e6e758ef4fbaba92b84735f5bfef5f81821cf3a
- SHA512
  
  9557a831f31ce1eb74b36ed1b2d4157393f08eaefa26d92458d405413f818798022bcf7825799f985f0f3fc158d20239660f5c6624baf88a755bfea2777e3b0b
- SSDEEP
  
  12288:tqNXZzq3TPx1XI8afSk/bseSXnfIAGa/1R+CQGkQIEijxFMU2lvzC:bLXtafsp/1R3x9o9FMU2lvzC
Score

1^/10
behavioral13
- Target
  
  dll/libxml2.dll
- Size
  
  1.3MB
- MD5
  
  e6e4bf12336d0ce68a20a2e89274e06a
- SHA1
  
  8e0851a6df0eb49b92704d0ec3ed969d427eaed6
- SHA256
  
  4be1bd36d8771b3bf521013077f254359668e46dd75e30f9b85490a328d9301f
- SHA512
  
  e62746ee01ef6b4c39b813ff6ce5e41ee1675ff433067bb7d316146253c7b65a1d6ebd8daa1c0f7b567d54bc813d7e3bf707b52716d651e16f269a13ed248b7f
- SSDEEP
  
  24576:lvSvQDyhQi62i16+7t7hMMaVQQGQaN3sAPTJ4zBnu3U6f:svQDy7etFuQQlaN3sAdeZM
Score

1^/10
behavioral14
- Target
  
  dll/tk86t.dll
- Size
  
  1.4MB
- MD5
  
  fdc8a5d96f9576bd70aa1cadc2f21748
- SHA1
  
  bae145525a18ce7e5bc69c5f43c6044de7b6e004
- SHA256
  
  1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5
- SHA512
  
  816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c
- SSDEEP
  
  24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
Score

1^/10
behavioral15
- Target
  
  dll/ucrtbase.dll
- Size
  
  1.1MB
- MD5
  
  9cd0aff3e05fca90bf9a227c94669df6
- SHA1
  
  2330e02db78010c44838f5c542edc7d4e1be00c8
- SHA256
  
  fbed69a52fdcf571dd37fe4cc63cb86ed3732b5b998807f14968788027c00754
- SHA512
  
  1f29aaf87dcea351f146121a812794ec51b5ad9b0373ad6872d34a51c2c4cc2a16a6ee3b3945a4ad885918d108ce4742f12d3e0c5dd9aaa5c5a4ce310e4cc08b
- SSDEEP
  
  24576:iJG9DZM19Y7ieC9dQ8ODtLV8+BaC6EOxPcUz1RmxvSZX0ypHNHh:R/q1vOhq+BaPHxhp7
Score

1^/10
behavioral16
- Target
  
  dll/zlib1.dll
- Size
  
  100KB
- MD5
  
  27481dd5b29d58ff9ec04a0ec36b1919
- SHA1
  
  9832d9f0b88250ada3b2fc18f1c22810d960d2bc
- SHA256
  
  d4accd4e268a6b846c10f66bb344de216788cf6721acdf810f67051559540ceb
- SHA512
  
  d1507f962c1d97d4d74114ed7b3781d4bf15c3d85e04f365b52a43a92ef844cad5e801aed435c3cfbd231b8bd2c6e6d9b6896349dbea5849f0aa29b28890031a
- SSDEEP
  
  3072:mzWFv0opgFRu932zghRGgtSubFYfxeNrfGNt1xC:mzWFvXaRu9ugHGgtSubpA+
Score

1^/10
behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Downloads MZ/PE file

Loads dropped DLL

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17