vidar | 8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495 | Triage

Resubmissions

06-01-2025 12:00

250106-n6bpwawkdw 10

06-01-2025 11:52

250106-n1zvhswjet 10

20-08-2024 14:25

240820-rrk7js1blm 10

17-08-2024 19:28

240817-x6wvgsvgpk 10

Sharing

General

Target

8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
Size

181KB
Sample

250106-n1zvhswjet
MD5

8604da617d2310a788d55a8a17158926
SHA1

57be5e931ca21c501294dacd4744666adca8dc0a
SHA256

8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
SHA512

0d1738c8ac0afe0de609744c14ee0deaf7217afa2292df166791508bb4146b1e377b8bec729f74cc077fd78f7fb8bc651552bb74d7614cf1db7cbefd1dad438c
SSDEEP

3072:Pz2c0Rztm8NGdBXtfAzc1Gr/cMvOwUPfbldFw0t+Z0vhAVfDgZkCeJCsNIilreNO:PkseGXXtIg1GrtvOwUPfbldFw0t+Z0vT

Score

10^/10

vidar 877956da9963e0825aa43a159a358f24 credential_access discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

10.7

Botnet

877956da9963e0825aa43a159a358f24

C2

https://steamcommunity.com/profiles/76561199751190313

https://t.me/pech0nk

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Targets

- Target
  
  8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
- Size
  
  181KB
- MD5
  
  8604da617d2310a788d55a8a17158926
- SHA1
  
  57be5e931ca21c501294dacd4744666adca8dc0a
- SHA256
  
  8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
- SHA512
  
  0d1738c8ac0afe0de609744c14ee0deaf7217afa2292df166791508bb4146b1e377b8bec729f74cc077fd78f7fb8bc651552bb74d7614cf1db7cbefd1dad438c
- SSDEEP
  
  3072:Pz2c0Rztm8NGdBXtfAzc1Gr/cMvOwUPfbldFw0t+Z0vhAVfDgZkCeJCsNIilreNO:PkseGXXtIg1GrtvOwUPfbldFw0t+Z0vT
Score

7^/10

credential_access discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

stealer877956da9963e0825aa43a159a358f24vidar

behavioral1

credential_accessdiscoveryspywarestealer

behavioral2

credential_accessdiscoveryspywarestealer