vidar | 0db9e114fb628164f24fde65b37ab19e4db07e9a60f1a94c3111dd8e85feef94 | Triage

Sharing

General

Target

Solara.exe
Size

3.7MB
Sample

250129-fyqvts1rfw
MD5

a425e9ae201f3aea1583f56c1194d0d1
SHA1

e533d3fafedec17a344b1f0dca240854c9b67cbb
SHA256

0db9e114fb628164f24fde65b37ab19e4db07e9a60f1a94c3111dd8e85feef94
SHA512

d3b60dc84ae98c4589d31e54c2ac7de83527814cbf442d2211a6b77678d41ba05ae64b8fa39b8d525d0a5df46c510b9881ec944c92e1b82490fbb259e2303def
SSDEEP

49152:+3iYNwJmVVyVfDeCO2sST0tnx8t/dSoV1Yer1nCYr093R+pQis++ELzl/KuBIYyI:+SYzV2O2sUmnoX1+Ri3s+p3y5zMPx

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  Solara.exe
- Size
  
  3.7MB
- MD5
  
  a425e9ae201f3aea1583f56c1194d0d1
- SHA1
  
  e533d3fafedec17a344b1f0dca240854c9b67cbb
- SHA256
  
  0db9e114fb628164f24fde65b37ab19e4db07e9a60f1a94c3111dd8e85feef94
- SHA512
  
  d3b60dc84ae98c4589d31e54c2ac7de83527814cbf442d2211a6b77678d41ba05ae64b8fa39b8d525d0a5df46c510b9881ec944c92e1b82490fbb259e2303def
- SSDEEP
  
  49152:+3iYNwJmVVyVfDeCO2sST0tnx8t/dSoV1Yer1nCYr093R+pQis++ELzl/KuBIYyI:+SYzV2O2sUmnoX1+Ri3s+p3y5zMPx
Score

10^/10

discovery vidar stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidardiscoverystealer