vidar

Sharing

Copy URL

Twitter E-mail

General

Target

Browser_Update-10-2024.zip
Size

74.8MB
Sample

241029-s7xe7awgmm
MD5

b965f86a0c6077967f0b310a0419ba01
SHA1

11da78837200eb425544580bb5533dd3d39932b3
SHA256

2a7a93984ebb6f2676eaf4bb61b29935e0fbb4da166cb252e9747f779074ae62
SHA512

db4448a99b7383ed58fa89da422f0da026f80069fc55a4255314cedc86820e3a41d90fc13b842c785a22c836792cfce6cab22fb5f2de62b7c9fc0d6d287258d2
SSDEEP

1572864:0dMtMaMKFU4lwtu48BTIfjUvbVm/fAUfrnDNsikdo92xvwDrZ9Y:6MtnMKFflwj8tIUVqAUfrDSip2xvw/Zy

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/fun88rockskek

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  Browser_Update-10-2024.zip
- Size
  
  74.8MB
- MD5
  
  b965f86a0c6077967f0b310a0419ba01
- SHA1
  
  11da78837200eb425544580bb5533dd3d39932b3
- SHA256
  
  2a7a93984ebb6f2676eaf4bb61b29935e0fbb4da166cb252e9747f779074ae62
- SHA512
  
  db4448a99b7383ed58fa89da422f0da026f80069fc55a4255314cedc86820e3a41d90fc13b842c785a22c836792cfce6cab22fb5f2de62b7c9fc0d6d287258d2
- SSDEEP
  
  1572864:0dMtMaMKFU4lwtu48BTIfjUvbVm/fAUfrnDNsikdo92xvwDrZ9Y:6MtnMKFflwj8tIUVqAUfrDSip2xvw/Zy
Score

1^/10
behavioral1 behavioral2
- Target
  
  Install.exe
- Size
  
  3.4MB
- MD5
  
  c30711c9fc9d650b14507521a253e8d0
- SHA1
  
  9b749d1a00ca31a8b7f562eab5faaef69d0516dd
- SHA256
  
  55e757150f980a8ca433d67f55dbf3b05615e58fd447e02e4e6ebc07f3cf5597
- SHA512
  
  6c16ad1a5812b3fc7faca91b2fbdc7d0691dd5c73bd2be3fe413def04eeaf5b8fddb08308e9b5e1b05f69b81160ba2d647bb05fe01c4b616ee5faa3593f956d4
- SSDEEP
  
  98304:jsBvJ7SOd9cEmG7TqjlOpIhqDQ2vOQx8fHriZ3f:QSk9cEmG7TWlOpIhqDtxMi1
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  d3d11.dll
- Size
  
  2.3MB
- MD5
  
  8d2b43fc958ae42e35f83539fcfb0d1f
- SHA1
  
  f16d5836320c46cf1ef833d872755d4219215275
- SHA256
  
  dada501a3ecd363542202cb3897f0d0152f1481f8f63436ace881031651f8640
- SHA512
  
  40797c78d3571db43bb4a54ded672abc8efbe492be1ea175fdae601536af8023a999da4fad0caabdae3415cd3c6b0be0791944893b6df5075d9f7026a1bc0731
- SSDEEP
  
  24576:jsj0+nuXH3o8120l4JWtDEdBVdaMCNDMi4imGAWfh5PQIyLXWbSyI3Im85btvSIS:jqCYbWtDEdBD+54iHPfo1XvyicbBckFS
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  lib
- Size
  
  72.0MB
- MD5
  
  83363d01a9205de067513c16cb4590fb
- SHA1
  
  a454e505072761086b0bb18cbd7ba3f17199e13c
- SHA256
  
  220f5b5068640113ef95a9fe45e5a738f89270496f03dee705a1040f15bc40b7
- SHA512
  
  c4506d3a01c8e5a5b250289fe0cf1c987a16ec5657fd0c1bbc0dbc814040612014c5b03c64542a44550a746c2b8858517d9b3ecbbea9fbc4ff5ce83823030ef1
- SSDEEP
  
  1572864:ntMaMKFU4lwtu48BTIfjUvbVm/fAUfrnDNsikdo92xvwDrZ9E:ntnMKFflwj8tIUVqAUfrDSip2xvw/Z9E
Score

1^/10
behavioral7 behavioral8