vidar

General

Target

08821ac5424cc31063657212609b8d1d.bin
Size

508KB
Sample

241025-bcy7vszfjb
MD5

4adef8956ffcd3814bc8f29825700322
SHA1

c483157bfa3be8a7c6089b883aad020e3e95395f
SHA256

bc12a2f0e7efe56b9f5c6f005b993e71e0c6ade951fb9f6004c719fb334ed09f
SHA512

61983f086e5b847ae3b932c3521a88778f2ce88d72253773187d87ffbe21dcf255abc1b2431527a1d0a513afbcd84efeb3f12404ff2edd98c841de657b1871cd
SSDEEP

12288:dp4DwrLbURWQ2ig+OPyy25WaM3aDl4PSK0TwtKfDd3Y:dp4UrXUgQ/ON74lC08tWRY

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

0b3bd69430b7d827b107ba2ed809207d

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  4b231165fb53ccbe0f337ed09227ddd57998a5ec6883402de241bc81ba0b6588.exe
- Size
  
  617KB
- MD5
  
  08821ac5424cc31063657212609b8d1d
- SHA1
  
  d6d96eea96bddecb27ff673b736525c85482ab8d
- SHA256
  
  4b231165fb53ccbe0f337ed09227ddd57998a5ec6883402de241bc81ba0b6588
- SHA512
  
  1fd88a75f378ccbe36e6b167fc99bc4867d001e1e46e36770098d6eb43f54c31bf89148d187d787ac07574340508c94eb0a69516a0bb62aa74014ddd0da53089
- SSDEEP
  
  12288:HWV5qnPSABI5apSV9g9iTaq8v0tQNV+Fn6bIx+mW0Jc8lr7v:HW+nP9RpSVCcTaHi2wn6bIx+BM5r7v
Score

10^/10

vidar 0b3bd69430b7d827b107ba2ed809207d credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2