vidar

General

Target

JaffaCakes118_85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
Size

761.7MB
Sample

241223-p8pj7aznex
MD5

f0debc46a47f40bbffbf8d563973a0f5
SHA1

62182857b58cddee7903f66710ed0d7827e0d35d
SHA256

85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
SHA512

7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
SSDEEP

12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1375

C2

https://t.me/deadftx

https://www.tiktok.com/@user6068972597711

http://116.202.2.1:80

Attributes

profile_id
1375

Targets

- Target
  
  JaffaCakes118_85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
- Size
  
  761.7MB
- MD5
  
  f0debc46a47f40bbffbf8d563973a0f5
- SHA1
  
  62182857b58cddee7903f66710ed0d7827e0d35d
- SHA256
  
  85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
- SHA512
  
  7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
- SSDEEP
  
  12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI
Score

10^/10

vidar 1375 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vidar family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2