vidar

General

Target

JaffaCakes118_ed422c419c32f42e75d854a9d44781f24fa771822b0298ecac499e6863920a6c
Size

815.4MB
Sample

241225-zb4b7awpdx
MD5

757a441a4eaad964c783c5b072586b38
SHA1

8abade2a0b0453ce8291852082e62f40b04f5b0a
SHA256

ed422c419c32f42e75d854a9d44781f24fa771822b0298ecac499e6863920a6c
SHA512

6703f43c5d42ab8f9f89c474061cc685153c3c6428fc019a20d9faaf9e31ab41962117a831932266db9f5584e7bbd9da72d856849095837a95b4c395f3d9a81e
SSDEEP

49152:fERHnw1qeeHvLk4E7jrl1mZ47aIotnsPSNNISLfZNlYlV3KGpYHxx/Msj:fE1/HvypotNLfZNlKVs3/Msj

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

755

Extracted

Family

vidar

Version

2.5

Botnet

762

C2

https://t.me/noktasina

https://steamcommunity.com/profiles/76561199478503353

http://95.217.152.87:80

Attributes

profile_id
762
user_agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36

Targets

- Target
  
  JaffaCakes118_ed422c419c32f42e75d854a9d44781f24fa771822b0298ecac499e6863920a6c
- Size
  
  815.4MB
- MD5
  
  757a441a4eaad964c783c5b072586b38
- SHA1
  
  8abade2a0b0453ce8291852082e62f40b04f5b0a
- SHA256
  
  ed422c419c32f42e75d854a9d44781f24fa771822b0298ecac499e6863920a6c
- SHA512
  
  6703f43c5d42ab8f9f89c474061cc685153c3c6428fc019a20d9faaf9e31ab41962117a831932266db9f5584e7bbd9da72d856849095837a95b4c395f3d9a81e
- SSDEEP
  
  49152:fERHnw1qeeHvLk4E7jrl1mZ47aIotnsPSNNISLfZNlYlV3KGpYHxx/Msj:fE1/HvypotNLfZNlKVs3/Msj
Score

10^/10

vidar 762 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vidar family

.NET Reactor proctector

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2