vidar | e2ff85bf7223c5da15d49475d18c030080de308af569311b4cbafced24397ec9 | Triage

Sharing

General

Target

l.exe
Size

421KB
Sample

250204-td9n4asngp
MD5

17190c7e5163b5c115e3d470f568ee5f
SHA1

ee6050772ea885be7b2acce367b40152227494fa
SHA256

e2ff85bf7223c5da15d49475d18c030080de308af569311b4cbafced24397ec9
SHA512

31b389532d2e83456a2e61c1d580f146efae5b7162f8d5849e69d0f48622cb69afd87a2eaed8152af5e2852b2144352acfc0eaa97d11d935218c2df7c70004bf
SSDEEP

6144:4JbYfCQKpUaHkyblEM0rnDstcla2VsCNaveUfhOwkzknkuHBsIzdqnfbWyoe7u/n:pJMJCbWsmkuHBsIvHd

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  l.exe
- Size
  
  421KB
- MD5
  
  17190c7e5163b5c115e3d470f568ee5f
- SHA1
  
  ee6050772ea885be7b2acce367b40152227494fa
- SHA256
  
  e2ff85bf7223c5da15d49475d18c030080de308af569311b4cbafced24397ec9
- SHA512
  
  31b389532d2e83456a2e61c1d580f146efae5b7162f8d5849e69d0f48622cb69afd87a2eaed8152af5e2852b2144352acfc0eaa97d11d935218c2df7c70004bf
- SSDEEP
  
  6144:4JbYfCQKpUaHkyblEM0rnDstcla2VsCNaveUfhOwkzknkuHBsIzdqnfbWyoe7u/n:pJMJCbWsmkuHBsIvHd
Score

10^/10

discovery vidar stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidardiscoverystealer