vidar | 2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469 | Triage

Sharing

General

Target

JaffaCakes118_2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
Size

761.7MB
Sample

241229-m2sbdszmcr
MD5

7dbbd9cb789eef6634df521458707a8e
SHA1

8b145b3a1b8fa985c5951b05a4ea23282e462d6e
SHA256

2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
SHA512

700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
SSDEEP

98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/

Score

10^/10

vidar 408 discovery stealer

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

http://49.12.239.21:80

Attributes

profile_id
408

Targets

- Target
  
  JaffaCakes118_2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
- Size
  
  761.7MB
- MD5
  
  7dbbd9cb789eef6634df521458707a8e
- SHA1
  
  8b145b3a1b8fa985c5951b05a4ea23282e462d6e
- SHA256
  
  2ddfeb81cc6f577c6a572d95a9c901f5267df76f102de15570d29766cfe0e469
- SHA512
  
  700e0455c0cd79aebd110348706f81c19b43c16c8813009a484e108d99c5f9b2cb94bce93a9c3e73848951eeb39619bd306c24f4ac03f960dee80749e7af1dc3
- SSDEEP
  
  98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdSo:wlrJAY55OnT6sNC/45Nxzd/
Score

10^/10

vidar 408 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar408discoverystealer

behavioral2

vidar408discoverystealer