vidar

General

Target

9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b
Size

1.1MB
Sample

241031-v41pjs1hrb
MD5

ba7e3ccf268bc947d7434bfb46945306
SHA1

e85e4ebb00bc165f7ed6345b9e80ef2c0f07d789
SHA256

9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b
SHA512

5de6db2cc0d57fff384c89e3bafa59a857b6a55d2e36a5b2409aa472d06c029f21c6a47203c82714addb290d92ffdd621b06009e7ba7d566a4120ed3c8e02fe0
SSDEEP

24576:hkYQFXibHi3fe2Fyw8N9Zl8Ff3XXoCvaBr59Co2fI85:+YQFXGHSG2K9LKtyJyfJ5

Score

10^/10

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b
- Size
  
  1.1MB
- MD5
  
  ba7e3ccf268bc947d7434bfb46945306
- SHA1
  
  e85e4ebb00bc165f7ed6345b9e80ef2c0f07d789
- SHA256
  
  9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b
- SHA512
  
  5de6db2cc0d57fff384c89e3bafa59a857b6a55d2e36a5b2409aa472d06c029f21c6a47203c82714addb290d92ffdd621b06009e7ba7d566a4120ed3c8e02fe0
- SSDEEP
  
  24576:hkYQFXibHi3fe2Fyw8N9Zl8Ff3XXoCvaBr59Co2fI85:+YQFXGHSG2K9LKtyJyfJ5
Score

10^/10

vidar credential_access discovery stealer spyware
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2