vidar | b39871b0d3b4b1bbf994fcc3cece1fa215a7ab98e1d1617b76de3f2c8e611681 | Triage

Sharing

General

Target

JaffaCakes118_b39871b0d3b4b1bbf994fcc3cece1fa215a7ab98e1d1617b76de3f2c8e611681
Size

761.7MB
Sample

241230-grrzzszqfx
MD5

b92a4ca915f87e947fc78cc944e6f8a7
SHA1

d87405c2e56e3a9e83b96ff6bf69e45119e370cc
SHA256

b39871b0d3b4b1bbf994fcc3cece1fa215a7ab98e1d1617b76de3f2c8e611681
SHA512

6ca788aa60848ed4743aa91033e07f3a999ebc85dffc47f45efe7cd4a43346cbde309fbf9e76bfe43edf784cc1e6f345567c6d5e18926bef0533799b566f3f37
SSDEEP

12288:Sy1R5p0OrYM+FiLts6hjiYkJTNIGLV69jJE:Sy1RZYsRs+j8J5f84

Score

10^/10

vidar 1375 discovery stealer

Malware Config

Extracted

Family

vidar

Version

55.6

Botnet

1375

C2

https://t.me/alertbabka7743

http://5.252.177.45:80

Attributes

profile_id
1375

Targets

- Target
  
  JaffaCakes118_b39871b0d3b4b1bbf994fcc3cece1fa215a7ab98e1d1617b76de3f2c8e611681
- Size
  
  761.7MB
- MD5
  
  b92a4ca915f87e947fc78cc944e6f8a7
- SHA1
  
  d87405c2e56e3a9e83b96ff6bf69e45119e370cc
- SHA256
  
  b39871b0d3b4b1bbf994fcc3cece1fa215a7ab98e1d1617b76de3f2c8e611681
- SHA512
  
  6ca788aa60848ed4743aa91033e07f3a999ebc85dffc47f45efe7cd4a43346cbde309fbf9e76bfe43edf784cc1e6f345567c6d5e18926bef0533799b566f3f37
- SSDEEP
  
  12288:Sy1R5p0OrYM+FiLts6hjiYkJTNIGLV69jJE:Sy1RZYsRs+j8J5f84
Score

10^/10

vidar 1375 discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1375discoverystealer

behavioral2

vidar1375discoverystealer