vidar | f9e6900b3cf0b20f50dfedc0e2f74ff5b66bf40335b1edfb15200fa5b1026cc1 | Triage

Sharing

General

Target

2024-12-24_6d57879698d5a1322220f5065b288e9a_frostygoop_poet-rat_snatch
Size

4.8MB
Sample

241224-nxn9lswpey
MD5

6d57879698d5a1322220f5065b288e9a
SHA1

daf749266179f05ea63eaf595a4bfbc59cc44b3b
SHA256

f9e6900b3cf0b20f50dfedc0e2f74ff5b66bf40335b1edfb15200fa5b1026cc1
SHA512

67c08b14f057c0be3d2ab85e388e46e0a935d9357f679a4154924507d5de0125929894a51f524342d5d7dd981241626fb98c511cdb41eebeafc04aa963056176
SSDEEP

49152:cpfQgfL06Ien/QV/5EKKyVzpMSqSzXo8fsPx7vwoQXzm4SpE28InoOy3c+Xz8H9J:kowZHn/SBzXtszQXC4Y+Q4

Score

10^/10

vidar 589 discovery stealer

Malware Config

Extracted

Family

vidar

Version

911

Extracted

Family

vidar

Version

2.4

Botnet

589

C2

https://t.me/gurutist

https://steamcommunity.com/profiles/76561199476091435

http://95.216.164.28:80

Attributes

profile_id
589
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

Targets

- Target
  
  2024-12-24_6d57879698d5a1322220f5065b288e9a_frostygoop_poet-rat_snatch
- Size
  
  4.8MB
- MD5
  
  6d57879698d5a1322220f5065b288e9a
- SHA1
  
  daf749266179f05ea63eaf595a4bfbc59cc44b3b
- SHA256
  
  f9e6900b3cf0b20f50dfedc0e2f74ff5b66bf40335b1edfb15200fa5b1026cc1
- SHA512
  
  67c08b14f057c0be3d2ab85e388e46e0a935d9357f679a4154924507d5de0125929894a51f524342d5d7dd981241626fb98c511cdb41eebeafc04aa963056176
- SSDEEP
  
  49152:cpfQgfL06Ien/QV/5EKKyVzpMSqSzXo8fsPx7vwoQXzm4SpE28InoOy3c+Xz8H9J:kowZHn/SBzXtszQXC4Y+Q4
Score

10^/10

discovery vidar 589 stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar589discoverystealer