vidar

General

Target

lnstaller-x86.zip
Size

1.1MB
Sample

241115-jrjdysvkfq
MD5

a21d3b50943ba289f87af6c1697ac027
SHA1

6f9f8498065665fa94c78a6a55167f5af4e7aaf7
SHA256

ae21d1625a332105fa099e45f15945dcfbd0e088bc357398c5b9036be80c8b9e
SHA512

3eeac3ad53668dccd4f7b5a4008f57e7fdb54bf483b7e4026ea8b7908adc2919caf454adcc6ec203ccc829edaeec1e2d8edf469f00900de51bbec28db569efde
SSDEEP

24576:LRv4rv+4bIk+1xjY54255J2N/VR80XuW0t/7J+5tyn7L0i:lY+4u15oJ54XRtu/mt80i

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11.7

Botnet

832ff6075d875436124f2744cc55913a

C2

https://t.me/m07mbk

https://steamcommunity.com/profiles/76561199801589826

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  InstaIIer.exe
- Size
  
  41.0MB
- MD5
  
  136d8eeb91c5fa33ff2049b441929788
- SHA1
  
  58c0e21ec68c7c499b442c8ec2e820adf1fd15ec
- SHA256
  
  5667a73898a9134a736c6b56f25577ed3f9901dd17439de0dca545ac3cd1af16
- SHA512
  
  d55552584088455d96656d3ac7b33195cbf0eb511bec47da66f37ff5874fb489d69fa0eb9e1cccb3bdb431ceee835c2cb62833f420a8efcec4ee44439090a1fa
- SSDEEP
  
  24576:5z0wSWUTxMWv3LPO9dOV8kS8FTVuFK76/KvHM:5z0wSWUTxM2PO9wV8kS8FTV5n
Score

10^/10

vidar 832ff6075d875436124f2744cc55913a credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  re86x.dll
- Size
  
  177.8MB
- MD5
  
  a17f011e58699c816cb3511fc14a5e3d
- SHA1
  
  4a69475a7d523239f61d2fca759c35776d256eb0
- SHA256
  
  be3283d6c64766a6d950a93f42164e82f93d30409697a693a7a6d8759935abdd
- SHA512
  
  c5d1864bae174a523bc52026107f05de00f64401ea1a0bd037ea4eedba9abcace1e17381b3f33ced4e7ee8d54bba1b9b184750883c3a2a9feacf1dcb8ad62157
- SSDEEP
  
  24576:VJ1jpSL+6UfDq80kdLx5IyYIfNvLw94Sx7aPuIaWutQrXttq89PZV53rnN7rjRLT:P1jpKNUfDq80kdDIyYIxa4Sx7aP
Score

3^/10

discovery
behavioral3 behavioral4