vidar

Sharing

Copy URL

Twitter E-mail

General

Target

TradingView_Premium_Desktop.zip
Size

63.5MB
Sample

250129-spgxsa1mds
MD5

ac93b57d437496fda1f3d6c0e22fafc0
SHA1

00603b674cc39135c1c438806b75c5cfdd82e687
SHA256

0e6dc61eef774aaaf2688f2d1052089d0740c9e9d80cc9d877b1b6cb6b94a68c
SHA512

15e482cc006363a7c765837dcab5329c6b5e4f6d9741a20222e06ceeb42beb3fd8498b5e0fbb9f4e6171746061b1b3dc74c004a67a9623d8bc4f0355acad62c4
SSDEEP

1572864:NLiywkCMMArFARMjkdgneOKtPBX8GNCkuLhLDDyjgl:2kJNj3eOKUhLDT

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  TradingView Premium Desktop.exe
- Size
  
  800.0MB
- MD5
  
  87c22d55039390e021ba244385351eeb
- SHA1
  
  66f39bcfafb2eccde13032d5635b736cdcb8ea4d
- SHA256
  
  54cb78a1ec13e7c16b8dd5873314845e5be004616e36082ced3b64fec5b99d1b
- SHA512
  
  093c51d332b51648005e47246c99b145b95ffbee5a4cb6811a474cdfd8a005b49febe01c35cadb6d38f40e079e96e12c9f45ea3964f956e0293cfdb1ccc63962
- SSDEEP
  
  24576:A3XMwyMuyLcboi2WCcz2xW/Yq7HOP6xlMnw/hqVInp:qpytsMoi23cIWJC6xlMVVInp
Score

10^/10

vidar discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  apt/24.10.4.756/service_update.exe
- Size
  
  3.0MB
- MD5
  
  08bc7cc83e6e174acf48709698a85d8b
- SHA1
  
  0317283b7b1dd70f3c246f8922e03a54e6070e59
- SHA256
  
  585e99c2a0bc73a32feefdbb6f541cea1ccf7af7af6e9521f1fb6218be3a0c5b
- SHA512
  
  d6595f5071dd412baa3c16c96c1a3144c43cb310922a19ef5332d66cf61efee3acc896b96b0597b44d3ce8e431bd1fac02864f90687e7b333a5e745b09afb273
- SSDEEP
  
  49152:jbXv0J0EON2XvZ7I+Eg+ZLqQAqsYXvdC/J0hKYI:jngfWNg+ZSMGN
Score

1^/10
behavioral2
- Target
  
  apt/php/PuTTY/pageant.exe
- Size
  
  441KB
- MD5
  
  803b2afee22551579168e6bae20bb522
- SHA1
  
  9fc471d7fc899efcc2d07680e4d6233138fd359e
- SHA256
  
  3c153dad07cb71c1d89d11c2950ca838af7d3336806b3f5373f573526cce51fd
- SHA512
  
  e78079836be32ea7719568496bc273a37ecd244180434bca8fca04a95597aacdf9f50992a35411a40c18bb9be143e0e355a21e393500b7154ff715308ab69764
- SSDEEP
  
  12288:e5s9HvQj7I8k2cT3bTnQhuhHQwNyiycCE7:FGHy3QhuG8yi7CE7
Score

3^/10

discovery
behavioral3
- Target
  
  apt/php/PuTTY/puttygen.exe
- Size
  
  512KB
- MD5
  
  6bb36aace80503b29b65ebdfa45d44fa
- SHA1
  
  7e4e4de91fbf7d714fca6bbff967f34605f71829
- SHA256
  
  d638744721ed429bb6cbbabe73bcf449018d2c3f32aadf869b9f09920ba645be
- SHA512
  
  d87521142e8f9be4927d27c025f4cfd6683d024609eed8c6d96ab188aff7f7384c8bd41acc0c82c467a4b7f89ae679fb2e5534cb8ae69a1810b59af3e23d3000
- SSDEEP
  
  6144:ySclWFXUUDXDJ941H/4i3QY+sraUPS+EdGZHIeIn83eK/JrAOo6BIjGfGeGrM:itOXDJ941Hwi3T+pUPS+EkIOXdLFfTSM
Score

3^/10

discovery
behavioral4
- Target
  
  apt/php/WinSCP.com
- Size
  
  288KB
- MD5
  
  46c423ce317a55345751e95259db2b7a
- SHA1
  
  4d2678fe47c01293dfa8d8a9127050f0a7f41122
- SHA256
  
  cf44ff181da91b2e6cc2bd58a548404c4e0a25f931492c788b3b14bc4b8afe27
- SHA512
  
  75c1ae29139106a56ff5ba2462defc372987d83d31975755b759a3cd9a59cd6e5d72e28eb106ec35415c9a35629ebb7b7614de04990cff07e276a991ad6089ea
- SSDEEP
  
  3072:oEPGm1l813/7UjTjpWgEokZNNTN6W5NQJVYGOBrwgU+z5Nx8kcgiL8A3XtRS8r3o:hXOIdzFkdN6W5CJVY72+VN/cgiL8ANRk
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5
- Target
  
  apt/php/WinSCP.exe
- Size
  
  21.9MB
- MD5
  
  7c743153124ba4d8ce99c7dfc77f1c06
- SHA1
  
  c5612aeab0d59480bd5a7d6f9e41e0b33470ec1b
- SHA256
  
  8eb7e3e8f3ee31d382359a8a232c984bdaa130584cad11683749026e5df1fdc3
- SHA512
  
  8eeba7ff3f7a3cd0451cb6377db5f9542d47776b13bf96d6f9e693f4a1c6d34cbe68b12448920dea85dc3584773abe78c410e0f5803c8d149c616f47d6986cfd
- SSDEEP
  
  393216:+5XJA7kTq/YAs1YBw50usWQmsgD2VrPD4Px:+/Ke3dyrPE5
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral6
- Target
  
  apt/php/unins000.exe
- Size
  
  3.1MB
- MD5
  
  11878001a28ce434f6eb02aa85c3199b
- SHA1
  
  47dd4e5fb52236913b63d4b520775ba0685a8334
- SHA256
  
  b3a2140b8ca0babc75daea00d59a3804b616b10bacf2559a3b3f510298882065
- SHA512
  
  9afa2daffea483a57f0d85bce9e598792714433bcda3f100562f60066e84d5b506c79b638c20c859c80f039e4b784ad0adce6d10cf059503e624b0fb05ce5be0
- SSDEEP
  
  49152:cWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbF333K/ogj7m50yIUO9:4tLutqgwh4NYxtJpkxhGK333k
Score

5^/10

discovery
- Deletes itself
behavioral7
- Target
  
  ispell/Accessories/wordpad.exe
- Size
  
  2.7MB
- MD5
  
  61173ff6abb1c40e3d3b580126fc5f66
- SHA1
  
  c017e91a526dfbb37293cd79d86a1d7261ed0141
- SHA256
  
  09f10e7344ca61b53a080e4d54c7cb6ecd4e3308254b350906437e29e7a7d9b2
- SHA512
  
  c5c8d5ad867987d18f88ef7d88e86e9a8de13185f17f2e722409816d83147152adb87eab4a88e6327cbb1bd60d0223bbfe8689d54f747438bc66dd93c76cd9da
- SSDEEP
  
  24576:pxHn7MgYE6WM73vT62FxvNEYr8oSUGeP9PDkjjqX+l:pxH7MgYE67BxvWCXSZeP9PDk37l
Score

3^/10

discovery
behavioral8
- Target
  
  ispell/ImagingDevices.exe
- Size
  
  93KB
- MD5
  
  3f6f254d24c457bf33227502ed4f0988
- SHA1
  
  37c8b8b4a7d8e361d951433b8c4cdfa4ab45a8cf
- SHA256
  
  3b08281fa642225f812960aa29a2a3d9a7b0156e454a8efc1fa9b6f6cd7dd46e
- SHA512
  
  eefe74603a163413dcfe9c71df17e59b1170741d0dbd906afbee226c03df59fe2a135320d3a017961d792b95a39a5ac2831953eda8746e9b4230e27cf8a53907
- SSDEEP
  
  1536:guNMCxtfTRVp/G/3W9hKBJjAqQCe1nwdsmZY5TTuUs:znRVJogh4ydDeuwY9TuUs
Score

4^/10

discovery
behavioral9
- Target
  
  ispell/Sounds/DG/PAV3WSC.exe
- Size
  
  149KB
- MD5
  
  8014bff2c0237d2002624d6b76c846c3
- SHA1
  
  70f26ef7d0496d2c23eeac928a7cb43cfff97be9
- SHA256
  
  d71836b7deccb91c9419b064284aa6824fdb06609e44b0adb1a95c976a928388
- SHA512
  
  8bc0cbf8a1f6cfe273700c536e125659b27e290fc71ae0b097e1991dc371a0db0cfe9894bf32538593dbcfb5f6ea8e7d70bbe27178c5f511c75f8ad243a64fff
- SSDEEP
  
  3072:XcYpATai7hZ0Bvz3K540ZSrRQf/cGQi2y:MYSTaiV+Bvz3iSt0rQib
Score

3^/10

discovery
behavioral10
- Target
  
  ispell/profiles/Drivers/prl_net_inst.exe
- Size
  
  81KB
- MD5
  
  d971fdfd2ee69f5d83d03619b8607fce
- SHA1
  
  a3b073d75eb07cf6a3e9e943a8507ebb9e4624e6
- SHA256
  
  169bb0a0910d3f7953cd6f039aa1a83b057ba20d7b206d18230353013b6780ff
- SHA512
  
  a551e2ae0f0f81764312923e0b0a77709ca561063d25c526e63a94b7cc5fa8d891d4549e3e90cd45208de90b05f1b4c708a1fda8270074948ca4778770bdeb48
- SSDEEP
  
  1536:0g9isUkdGIu4GqhxurRsxBS45WkPN/F1fUupW:0g0saIu4GG8RsxBS45ZzfUuk
Score

1^/10
behavioral11
- Target
  
  ispell/profiles/SIA/SharedIntApp.exe
- Size
  
  45KB
- MD5
  
  3bb3c379275fbf98914c0f157b1f684f
- SHA1
  
  f8806ff59973ba21f573816acbe31e42f59f48ef
- SHA256
  
  6113900cd88bca5bb51236b9a256e67739d2d4731677aac441e74680b226b205
- SHA512
  
  7c31fbf4e1580ac0a09e8b972e12bde402d8a3a633efc47ed2f5b6f50660102faf66eaeab0bda83cea09f687a67fa54277878cf6e37a487ce5c3410f3a65e113
- SSDEEP
  
  768:VZuC2NvQMKYtIL80WAyZN+u9V+DBNQ1cs1dKHuU+wXm3/gMeKgYo:IVQMKMD3+G+DBNJIdi+wXmPleyo
Score

3^/10
behavioral12
- Target
  
  ispell/profiles/SIA/mapi32.exe
- Size
  
  31KB
- MD5
  
  23cb7ab8e92a0da2aad62a60e9ff3bcd
- SHA1
  
  0099240b112788f1203234b758f0c5296788ac64
- SHA256
  
  dde7f6673ee5f9a1cf67f28a4b9764884efe7e4e8bbca9877fc4f7eb4ec7346f
- SHA512
  
  7680525eb4578bb27e96fd27273ee7ebb30590ae3e1282e997500886b1d506d80b0cee0dbe1a262fa8d096405081340be9b16920aad88717dcee317bc9c78727
- SSDEEP
  
  384:bU2lgi+YIU/mFI+lrhniTzNEe6Hq8bewFV87gw9yiUZidK/DIych1MeK6ju:bUjXYIUA9u25JeE8ZyzZ0K/gMeKgu
Score

4^/10

discovery
behavioral13
- Target
  
  ispell/profiles/Services/WoW/coherence.exe
- Size
  
  31KB
- MD5
  
  12b096dde36b1409b4ea9c57eb637cd7
- SHA1
  
  6eb2d2416f067b04de04b857c8360d337a97fd8b
- SHA256
  
  3231242e77068579de64af409ebf88d2c53614473aefbf7ce12931d9eafb2e80
- SHA512
  
  9ad8b6922f40af760ece6af64a95374971b2df4078744dc17b742f57f4fd26ceb7f3429e187b3c26674dccaa56d85ebb2a46c67953cad9b171405c3eb5d223c3
- SSDEEP
  
  768:I9cjwH6FtSHaYz9fH3xW7Ec7E1+HKf/gMeKgN:IujwH6rMPfHhW7VHKnlen
Score

3^/10

discovery
behavioral14
- Target
  
  ispell/profiles/Services/coherence.exe
- Size
  
  35KB
- MD5
  
  0800b9e11bfdb853bef558843547786e
- SHA1
  
  01eb1ee5ff8dced2fad78a0845b519c9c82d045d
- SHA256
  
  f50d61348f18d14cf9224a3ada2eda8c80ee495b3303773101432a3652e42cad
- SHA512
  
  c80c11abb09bc83b29d8b96518cee04338d3009dedb36bf871d91cc884e19b0cee5b73df5bad8fa66b38b460709d42b8babb76c8e2622f85dbdf67af2b8ffde9
- SSDEEP
  
  768:Go20DcO6gVUNJwGLCc7T2GTuJf42+BV+Y/gMeKg7d:GD0DcO6guNJ1C02GTuJe+yleP
Score

1^/10
behavioral15
- Target
  
  ispell/profiles/Services/prl_tools.exe
- Size
  
  204KB
- MD5
  
  2b28a796b5c196978a45ce79911a3b88
- SHA1
  
  cdc4378ac4b29708332067edd5f35edaeabdbef9
- SHA256
  
  b6f2735c0e2bc082e2c4e0746b78824fe7ca1ae1c819ed1cd8920012905aded2
- SHA512
  
  09aee7f2a983c463f0c7c02697409114d7c5abd4189265abd066ff901cc44f1c1a239dd4aad8e9703805206c6cee26838378e1db35b1df30f87b007d2d3cb2c3
- SSDEEP
  
  6144:U5iBH0XZRnFVHwItjNz5ZD7S8jALAel9l0Uj:U5S0XTFVQyjNz5c8jALAobj
Score

4^/10
behavioral16
- Target
  
  ispell/profiles/Services/prl_tools_service.exe
- Size
  
  215KB
- MD5
  
  a76d76dc9d173d98507c20c85c3955e0
- SHA1
  
  0e340eaa3202f655e5e1cf647b887cfee38429ec
- SHA256
  
  3b388ae96dcd8b9d443416d21dcabce661c929d6ad6edd24ed8b584d6f8d8f82
- SHA512
  
  b066c91935d2d45d8a55f2621d41326d14436b809c41c8d8064de25d11b4eb8eafb861737ca4fe25f5d1f2ea773f8036efb067fb5280d937ba8edd38ea027fb1
- SSDEEP
  
  3072:FHAZSjxrDGzkrq09sENHG6BUITW5iYJZ95v4UUr8x19xReq+7ItZsEDxn38ASuK/:pAZSjxrDGOsaG6Bi4Kn5gNr851ds77uq
Score

4^/10
behavioral17
- Target
  
  ispell/ru-RU/ImagingDevices.exe.mui
- Size
  
  3KB
- MD5
  
  78c68c4cf140518730fa22d775bc51e9
- SHA1
  
  9e63e11685ebdd12ce1c60cc2e2e7dd39313d2fb
- SHA256
  
  ebb2fbe21cbb3a386170590a09eed5c844d57efcebc6122a75064f1b95070d53
- SHA512
  
  92e7628d70fa68e4f710d00442188aa217cfecf051005609c531222d7d48633925c691e96733f78d5c413fd149860f79290d73ebc4a5f6eed54dd78516054d33
Score

1^/10
behavioral18
- Target
  
  ispell/wab.exe
- Size
  
  504KB
- MD5
  
  2b734c88ce7504d441aa362c41086bfa
- SHA1
  
  ed7a7b1ffe4a6c5db71dbb8f40ea73db463e5531
- SHA256
  
  2681f9a925ad65714e456caef9bc7a61d5206449f7514e9cbc510f63b812f1ad
- SHA512
  
  5b76b5fcfb8dc7c8f03e3e1417025aeaf12e781e921d16845faf93db3cdba68b7b1802f97a85f07ace9ef586cfca4a8475a969b4a65450bbdbc3054afe6ab95c
- SSDEEP
  
  12288:XTx5KRZ18xtSP+szdcIugOO50MMEMOkP:smxtSP+sJ+O5FWPP
Score

3^/10

discovery
behavioral19
- Target
  
  ispell/wabmig.exe
- Size
  
  65KB
- MD5
  
  ad6081f6434a2e186e49f64c069cd8bf
- SHA1
  
  698495aefe64d3afebee4f035ac39a505c5e60ed
- SHA256
  
  7e3b061a41ab3bf3f6f6a701148e50769e1208abab70235b85e1cf0e929729e1
- SHA512
  
  45f8f07cf333ca1ace8aacfe7ec464995df3e54308f8ab1796058b5c16b89da0988f56586bbebaea5fd60e3031e45d1a25c5bb7694201d452d680d6762eb9c5d
- SSDEEP
  
  768:MZFy13ejz6OV99VwhCnQeTF4Fs5p4+2KW0s20Uibyx:MZsgRQeTF4A3WBVUue
Score

3^/10

discovery
behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vidar family

Executes dropped EXE

Enumerates processes with tasklist

Enumerates connected drives

Enumerates connected drives

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20