vidar | 78458d05ce763407de4608a2be563e4ed1c01288cf4fba99fd661fdf86ba67d5 | Triage

Sharing

General

Target

JaffaCakes118_78458d05ce763407de4608a2be563e4ed1c01288cf4fba99fd661fdf86ba67d5
Size

700.5MB
Sample

241222-ygncgsxmfr
MD5

98b5c4a7d8f26a9592ec0210217d5a1b
SHA1

943a3e16982ea5e2c5a442854602a58d22271e61
SHA256

78458d05ce763407de4608a2be563e4ed1c01288cf4fba99fd661fdf86ba67d5
SHA512

979a1bb177d364a9bdd8f186d95a124ad562307ab4203ea089386485579fae91afe9cf29437fa20fa2c8be369bebf98a02420fde2f04a7bd89b78022a4160421
SSDEEP

6144:yKUUQRnJ+zy3P9gHbDFseSUVTjSdVs71Rmb7X6OSvlAZxq6HoaxREJSBKBCFyWBR:yKUUYnOqG3FsNs7I7T6uxq6JqSVfJ

Score

10^/10

vidar 1842 discovery stealer

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1842

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

http://116.202.6.206:80

Attributes

profile_id
1842

Targets

- Target
  
  JaffaCakes118_78458d05ce763407de4608a2be563e4ed1c01288cf4fba99fd661fdf86ba67d5
- Size
  
  700.5MB
- MD5
  
  98b5c4a7d8f26a9592ec0210217d5a1b
- SHA1
  
  943a3e16982ea5e2c5a442854602a58d22271e61
- SHA256
  
  78458d05ce763407de4608a2be563e4ed1c01288cf4fba99fd661fdf86ba67d5
- SHA512
  
  979a1bb177d364a9bdd8f186d95a124ad562307ab4203ea089386485579fae91afe9cf29437fa20fa2c8be369bebf98a02420fde2f04a7bd89b78022a4160421
- SSDEEP
  
  6144:yKUUQRnJ+zy3P9gHbDFseSUVTjSdVs71Rmb7X6OSvlAZxq6HoaxREJSBKBCFyWBR:yKUUYnOqG3FsNs7I7T6uxq6JqSVfJ
Score

10^/10

vidar 1842 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1842discoverystealer

behavioral2

vidar1842discoverystealer