vidar | 604c471648621880aeceac0534190b14e8c3ea05d4bc5bb95a8e777dd82e65aa | Triage

Resubmissions

13-02-2025 13:52

250213-q6fd6syldp 10

13-02-2025 13:47

250213-q3phnsyqgx 10

Sharing

General

Target

1.exe
Size

272KB
Sample

250213-q3phnsyqgx
MD5

dbdfd9ab774d8fa5a56718b1fae7bc95
SHA1

df4c5c42e6b8d3c7324a34a2b017f362d9213558
SHA256

604c471648621880aeceac0534190b14e8c3ea05d4bc5bb95a8e777dd82e65aa
SHA512

d3478dd32f89105cd62997f539961bb69a7eb08ca614f9185c29a32cb96f3dbc87638fea6eb09717ad67696d5aab1a39373aaddf0fd0c057ea6787346d7a31c8
SSDEEP

3072:ne/3hGz8Su8ucwsy7vf7Qy63S9scCh4slxWsr7i9W3WWsZHpV0iukwEEfzqygF/S:n6xqucZy7vf8f3oMRxb/3W1Hp91Gq

Score

10^/10

vidar adware discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  1.exe
- Size
  
  272KB
- MD5
  
  dbdfd9ab774d8fa5a56718b1fae7bc95
- SHA1
  
  df4c5c42e6b8d3c7324a34a2b017f362d9213558
- SHA256
  
  604c471648621880aeceac0534190b14e8c3ea05d4bc5bb95a8e777dd82e65aa
- SHA512
  
  d3478dd32f89105cd62997f539961bb69a7eb08ca614f9185c29a32cb96f3dbc87638fea6eb09717ad67696d5aab1a39373aaddf0fd0c057ea6787346d7a31c8
- SSDEEP
  
  3072:ne/3hGz8Su8ucwsy7vf7Qy63S9scCh4slxWsr7i9W3WWsZHpV0iukwEEfzqygF/S:n6xqucZy7vf8f3oMRxb/3W1Hp91Gq
Score

10^/10

vidar discovery stealer adware persistence privilege_escalation
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidaradwarediscoverypersistenceprivilege_escalationstealer