Vidar - Stealerware

Vidar malware steals data and provides remote command-and-control (C2) functionality on Windows operating systems. This document summarises Quorum Cyber’s analysis of the malware; a separate report provides the more in-depth analysis.

The malware performs data exfiltration on any available data within the affected user’s profile, before installing further C2 persistence mechanisms and interacting with the hxxps:[//]clipper[.]guru domain for further instruction. The malware has been designed with multiple anti-forensics techniques intended to help evade detection and to mislead and frustrate analysis.

The malicious payload was contained within a seemingly legitimate software executable and was presented to the user via a search engine advertisement masquerading as a legitimate resource. This was sufficient to trick the user into downloading and executing it. In this instance, the advertisement offered a free version of the Adobe Illustrator application, while the software executable itself was originally a Yahtzee scoreboard.

Download Quorum Cyber’s analysis of the Vidar malware.

This document provides a summary of our findings; our full analysis will be available later this week.