vidar

General

Target

start.exe
Size

384KB
Sample

241127-y2rweaymdx
MD5

3318168ae9a79bebdbca98281974ea70
SHA1

a1c84b04cd756628f955abd4dec707d946d9a84f
SHA256

5d32e44b85fcb2b674764ef904ba64a16d4533591b7d1ada4d760cdb603db706
SHA512

ae3e42d079055d75f4c1dc8afe9c994e9d42fbd1e34eb51976f7a8b74895eebd04411649c7661f59286967f2a72e730f8bd2efb670c30335622250dcdd45de61
SSDEEP

6144:kmQ5QhH2pP+YC4KqpmrxUHnYXK1h3Bt9qUnHmwZbh3XpFgO2/31PHC/kWBvq9l1:kmQaHOP+Y/KqpmNUHnhh7ZbZ6/31PHtN

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

56.1

Botnet

1375

C2

https://t.me/dishasta

https://steamcommunity.com/profiles/76561199441933804

http://167.235.150.8:80

Attributes

profile_id
1375

Targets

- Target
  
  start.exe
- Size
  
  384KB
- MD5
  
  3318168ae9a79bebdbca98281974ea70
- SHA1
  
  a1c84b04cd756628f955abd4dec707d946d9a84f
- SHA256
  
  5d32e44b85fcb2b674764ef904ba64a16d4533591b7d1ada4d760cdb603db706
- SHA512
  
  ae3e42d079055d75f4c1dc8afe9c994e9d42fbd1e34eb51976f7a8b74895eebd04411649c7661f59286967f2a72e730f8bd2efb670c30335622250dcdd45de61
- SSDEEP
  
  6144:kmQ5QhH2pP+YC4KqpmrxUHnYXK1h3Bt9qUnHmwZbh3XpFgO2/31PHC/kWBvq9l1:kmQaHOP+Y/KqpmNUHnhh7ZbZ6/31PHtN
Score

10^/10

vidar 1375 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vidar family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2