vidar | 002e597cf728daad8a4ac159dbf634571f985ba657e047df8a2a82b9bc49ecf2 | Triage

Sharing

General

Target

JaffaCakes118_002e597cf728daad8a4ac159dbf634571f985ba657e047df8a2a82b9bc49ecf2
Size

682.6MB
Sample

241223-tywb7svlfp
MD5

22328d5e3431101538f08af9672a1406
SHA1

fe9bf7e09397949bf922dc772eb08e22a80be04b
SHA256

002e597cf728daad8a4ac159dbf634571f985ba657e047df8a2a82b9bc49ecf2
SHA512

5373766419bc5339d7c92c62cc3d7928e262d7c8c307bbe77545ae46e5795a83f021627cd57df851b462c854ee651e4fd4260462d12a8005ec28bd081d148f8e
SSDEEP

6291456:p8bSYBSkfXVSt7nsTR4dwl01X9b+6lYzPzm:aSY5NS5kmal01XR+6lYz7m

Score

10^/10

vidar 839 discovery stealer

Malware Config

Extracted

Family

vidar

Version

2.4

Botnet

839

C2

https://t.me/gurutist

https://steamcommunity.com/profiles/76561199476091435

http://95.216.164.28:80

Attributes

profile_id
839
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

Targets

- Target
  
  Setup.exe
- Size
  
  464.6MB
- MD5
  
  350a2e8a8fd1cc46f25ff822b5fef864
- SHA1
  
  6ced61594dbe240d0dbaa548eba526790b6e27f5
- SHA256
  
  83b096c9efd0c9c855b9b8a7d70ebfb7f50e0449a824c52bf18a81b75a6037bd
- SHA512
  
  27d75283812c73fe5e9d0bdfbf590ae00d2f2ae024c1dcc83c16e186ff65f2ceb3b939cef828e1bab7005356ba39d5dd96cca06a7d6fcfd37533aa48e68c2f15
- SSDEEP
  
  24576:Lum9BtnqcmZV0mNzVLjFD23pWVKgnJC2Tld/wCyKkgJe/lgTbSUobuLA4ibic:L3qrZBLfY3pWVrJdf/wPKI/qRob2A4iH
Score

10^/10

vidar 839 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  resource/RedistList/Columm/whipsKnarredFilles/data.dll
- Size
  
  213.8MB
- MD5
  
  867bb097ceb506f01a8b782b121ca852
- SHA1
  
  aefe4d3954cf2de0304ff8a1f5725e4a5ecc41c3
- SHA256
  
  7d0d05dac12f27399dde7699bee3f85c00c7eebaddcfbfdce64533de4055e742
- SHA512
  
  af8cfff829a0417e57215da86689ba892ba40ba8ee7b8f32b7b73fa132b63115d9d10365dd67e89e935316fdcdc06fcff2f0327cc27c434d850993d2365b3831
- SSDEEP
  
  6291456:L8bSYBSkfXVSt7nsTR4dwl01X9b+6lYzPzv:oSY5NS5kmal01XR+6lYz7v
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar839discoverystealer

behavioral2

vidar839discoverystealer

behavioral3

behavioral4