Rewterz Threat Alert –Vidar Malware – Active IOCs

Severity

Medium

Analysis Summary

Spyware.Vidar is a product that offers threat actors the option to set their preferences for the stolen information. Besides credit card numbers and passwords, Vidar can also scrape an impressive selection of digital wallets. This spyware can be spread using various campaigns. Vidar, which originally became active in late 2018, is a family of malware that operates primarily as an information stealer and is often observed as a precursor to ransomware deployment. It enables the capture and exfiltration of data from a system, including system information, browser data, and credentials

Impact

• Data exfiltration
• Information theft
• Exposure of sensitive data

Indicators of Compromise

MD5

• 8e771b25550073599c67601bad91b7b4
• bed4a504bebb63464581d09f8bc9eed3

SHA-256

• c0765fd53d64c425a848b89fa1168552fd2cae90984cfa14c0b7d4e0789fece7
• 773197dfe8b35351242b81c1ba189b2745e2367357b806c9a0529e3bf1495940

SHA-1

• 0190b8be28d87e6b59a7b1b1d0d0cb78a199b9d6
• 02a11cb82f711eda570be207ab1f53a7b49cd6f7

Remediation

• Block the threat indicators at their respective controls.
• Search for IOCs in your environment.