vidar | b782424ea7fc5ff7a800a63201e3c7dcba6addf794f94fdee90754514701c20d | Triage

Sharing

General

Target

Luna.zip
Size

4.8MB
Sample

250202-lx7pvawpet
MD5

a25d93a90c12faba6336d6950335bf02
SHA1

51c5516dc562c5004f4da342d20747ed8877f8f1
SHA256

b782424ea7fc5ff7a800a63201e3c7dcba6addf794f94fdee90754514701c20d
SHA512

9556edb15da58c4b57223d94c42592e3f82de0ed57c13255ab2f0e0f704e4a7940b3317e91e45017a40db8e051ca6b2fccfabff3c8be23890dc377a67b1ea104
SSDEEP

98304:hBcsjfFvWFTyZXhfGpJhJ3A5eADXVATMZPBB9aTgmJTX6N+0Xh6lzi3r:/twy5NGpJhFA5nOwNBa1D6w0XhuzEr

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  Luna.zip
- Size
  
  4.8MB
- MD5
  
  a25d93a90c12faba6336d6950335bf02
- SHA1
  
  51c5516dc562c5004f4da342d20747ed8877f8f1
- SHA256
  
  b782424ea7fc5ff7a800a63201e3c7dcba6addf794f94fdee90754514701c20d
- SHA512
  
  9556edb15da58c4b57223d94c42592e3f82de0ed57c13255ab2f0e0f704e4a7940b3317e91e45017a40db8e051ca6b2fccfabff3c8be23890dc377a67b1ea104
- SSDEEP
  
  98304:hBcsjfFvWFTyZXhfGpJhJ3A5eADXVATMZPBB9aTgmJTX6N+0Xh6lzi3r:/twy5NGpJhFA5nOwNBa1D6w0XhuzEr
Score

10^/10

vidar discovery stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer