vidar

General

Target

JaffaCakes118_62cdd2b8fee3843fc55dbc34b083c2b160dc43ddc6939fe4e9129dc2b5deee23
Size

731.3MB
Sample

241222-mkzzxavkax
MD5

97b9eb7404c2d4db9eb58284747de903
SHA1

e4a9d5c8d2a6997d59186db15a95faaf4b533d0c
SHA256

62cdd2b8fee3843fc55dbc34b083c2b160dc43ddc6939fe4e9129dc2b5deee23
SHA512

dabeaafa5e21e5780a24f55e4e22b9e6f2c5d5f430f557768b74a70810cd5d5d7518936d3042ead66faff6b283149516e3365b5d7eda28fc5fcc884c447c30c8
SSDEEP

393216:3z1PfWExIRuRE2a8u9/D4UFpVEqC3DohVB5Uct:DtqwRRWR7PVO3DUvUct

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

55.6

Botnet

1704

C2

https://t.me/US3mdsfmsmefwd

http://138.124.180.85

http://188.119.113.36

Attributes

profile_id
1704

Targets

- Target
  
  JaffaCakes118_62cdd2b8fee3843fc55dbc34b083c2b160dc43ddc6939fe4e9129dc2b5deee23
- Size
  
  731.3MB
- MD5
  
  97b9eb7404c2d4db9eb58284747de903
- SHA1
  
  e4a9d5c8d2a6997d59186db15a95faaf4b533d0c
- SHA256
  
  62cdd2b8fee3843fc55dbc34b083c2b160dc43ddc6939fe4e9129dc2b5deee23
- SHA512
  
  dabeaafa5e21e5780a24f55e4e22b9e6f2c5d5f430f557768b74a70810cd5d5d7518936d3042ead66faff6b283149516e3365b5d7eda28fc5fcc884c447c30c8
- SSDEEP
  
  393216:3z1PfWExIRuRE2a8u9/D4UFpVEqC3DohVB5Uct:DtqwRRWR7PVO3DUvUct
Score

10^/10

discovery vidar 1704 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vidar family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2