vidar | 5c886d52e67b52314b026485b838c03433c22e3eb2d742b3aee2ee1af1b7e73f | Triage

Sharing

General

Target

JaffaCakes118_5c886d52e67b52314b026485b838c03433c22e3eb2d742b3aee2ee1af1b7e73f
Size

761.7MB
Sample

241223-s5qjvstmfq
MD5

8183daa98ba74e411f3932ec56ffe38d
SHA1

3d2f62bd5046ac5743334b2d487b89494ac73260
SHA256

5c886d52e67b52314b026485b838c03433c22e3eb2d742b3aee2ee1af1b7e73f
SHA512

9488a84080af73eb5537926557632ec0888798da4ae21e9035310930727d51814da7d6ebce35f7643fb0163c1a6f9c9c8ee6384d57c503de5c3c14bf939adab7
SSDEEP

12288:HHtIqPHIJDaem9chU6h/znCfn5AvIX1wMJ5:nIJDRm9lG/DKnOkJ5

Score

10^/10

vidar 1375 discovery stealer

Malware Config

Extracted

Family

vidar

Version

56.3

Botnet

1375

C2

https://t.me/traduttoretg

https://steamcommunity.com/profiles/76561199445991535

http://5.75.253.16:80

Attributes

profile_id
1375

Targets

- Target
  
  JaffaCakes118_5c886d52e67b52314b026485b838c03433c22e3eb2d742b3aee2ee1af1b7e73f
- Size
  
  761.7MB
- MD5
  
  8183daa98ba74e411f3932ec56ffe38d
- SHA1
  
  3d2f62bd5046ac5743334b2d487b89494ac73260
- SHA256
  
  5c886d52e67b52314b026485b838c03433c22e3eb2d742b3aee2ee1af1b7e73f
- SHA512
  
  9488a84080af73eb5537926557632ec0888798da4ae21e9035310930727d51814da7d6ebce35f7643fb0163c1a6f9c9c8ee6384d57c503de5c3c14bf939adab7
- SSDEEP
  
  12288:HHtIqPHIJDaem9chU6h/znCfn5AvIX1wMJ5:nIJDRm9lG/DKnOkJ5
Score

10^/10

vidar 1375 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1375discoverystealer

behavioral2

vidar1375discoverystealer