vidar | 949d7e2d0c908dfcc15aad670822144c73e2983fd0a3f3f234b19e044d6aec10 | Triage

Sharing

General

Target

JaffaCakes118_949d7e2d0c908dfcc15aad670822144c73e2983fd0a3f3f234b19e044d6aec10
Size

761.7MB
Sample

241230-1a114szjdq
MD5

4983e5d7ecf7785749b2c3a28007ef84
SHA1

e46dc3f7ab6016ddbd2bb91947a79ad74c9e3137
SHA256

949d7e2d0c908dfcc15aad670822144c73e2983fd0a3f3f234b19e044d6aec10
SHA512

6f3c1af9b015bb7d7587cd4285a5b22780db67cb2ed97f4954fed277d908ce0e74c856523c45028fff05a01fb14499dd821d7a4d792d962ff58018592cfda655
SSDEEP

12288:5Q2KMpyw5VqIZPh+9BsRZ9eU7NmrV3IKjZZWI:gUTVR+BWUr9

Score

10^/10

vidar 408 discovery stealer

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

http://157.90.148.112:80

Attributes

profile_id
408

Targets

- Target
  
  JaffaCakes118_949d7e2d0c908dfcc15aad670822144c73e2983fd0a3f3f234b19e044d6aec10
- Size
  
  761.7MB
- MD5
  
  4983e5d7ecf7785749b2c3a28007ef84
- SHA1
  
  e46dc3f7ab6016ddbd2bb91947a79ad74c9e3137
- SHA256
  
  949d7e2d0c908dfcc15aad670822144c73e2983fd0a3f3f234b19e044d6aec10
- SHA512
  
  6f3c1af9b015bb7d7587cd4285a5b22780db67cb2ed97f4954fed277d908ce0e74c856523c45028fff05a01fb14499dd821d7a4d792d962ff58018592cfda655
- SSDEEP
  
  12288:5Q2KMpyw5VqIZPh+9BsRZ9eU7NmrV3IKjZZWI:gUTVR+BWUr9
Score

10^/10

vidar 408 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar408discoverystealer

behavioral2

vidar408discoverystealer