vidar | d58a43177a96c7ba99b18b092b2328e0d1992bb6297f9d88c07479a57d1b960d | Triage

Sharing

General

Target

res.js
Size

4KB
Sample

241019-tr6jlaveqh
MD5

440c1565f02140aa1b10af7a682d0bd6
SHA1

c1b8cd858d6656bd63f78cde6479d55c45bc25d5
SHA256

d58a43177a96c7ba99b18b092b2328e0d1992bb6297f9d88c07479a57d1b960d
SHA512

cf9199c3d39f970e4b6e42e14945b87f7bf99551a034c8eca5bc039b9328b081fd31efe4c772fef4aa0e87b7255b8a02230ee86ef95c4d67e71b9818c0012ac0
SSDEEP

96:C7qdfKkxWtLqSXpd5mokVew2e3jzwuuHC0MPF6XBm5YaWxMR4GTBMh8lCfIxj6fQ:VrsIYXmoqMe3bEdMt6sY7e4GTrv9VV

Score

10^/10

vidar 65158feadb3cebfa5c9a9e36f0d461fe discovery execution persistence stealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

65158feadb3cebfa5c9a9e36f0d461fe

C2

https://t.me/fun88rockskek

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  res.js
- Size
  
  4KB
- MD5
  
  440c1565f02140aa1b10af7a682d0bd6
- SHA1
  
  c1b8cd858d6656bd63f78cde6479d55c45bc25d5
- SHA256
  
  d58a43177a96c7ba99b18b092b2328e0d1992bb6297f9d88c07479a57d1b960d
- SHA512
  
  cf9199c3d39f970e4b6e42e14945b87f7bf99551a034c8eca5bc039b9328b081fd31efe4c772fef4aa0e87b7255b8a02230ee86ef95c4d67e71b9818c0012ac0
- SSDEEP
  
  96:C7qdfKkxWtLqSXpd5mokVew2e3jzwuuHC0MPF6XBm5YaWxMR4GTBMh8lCfIxj6fQ:VrsIYXmoqMe3bEdMt6sY7e4GTrv9VV
Score

10^/10

vidar 65158feadb3cebfa5c9a9e36f0d461fe discovery execution persistence stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar65158feadb3cebfa5c9a9e36f0d461fediscoveryexecutionpersistencestealer