vidar | 39bee43ddd3e75352c918e0554acaf8d8e78f0765678a0ab704513ca18822a66

Analysis

Target

39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe
Size

545KB
MD5

f75d3f9245837bf525c550af11676322
SHA1

3787b1420765f1839f072c3139220ac9a69acbb2
SHA256

39bee43ddd3e75352c918e0554acaf8d8e78f0765678a0ab704513ca18822a66
SHA512

7c825fbef7205331f186326464bc89c5ac2ee7fc3065edf382e0ed684c7807a738aff652c53248502781b4ee5854f54b72d357c318e1b4a12066100dc37128e2

Score

10^/10

Family

vidar

Version

26.1

Botnet

237

http://centos10.com/

Attributes

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata

Vidar Stealer 3 IoCs

stealer

Processes:

resource	yara_rule
behavioral2/memory/2416-131-0x00000000025F0000-0x0000000002679000-memory.dmp	family_vidar
behavioral2/memory/2416-132-0x0000000000400000-0x000000000088B000-memory.dmp	family_vidar
behavioral2/memory/2416-134-0x0000000000400000-0x000000000088B000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe
"C:\Users\Admin\AppData\Local\Temp\39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe"
1⤵
PID:2416

memory/2416-130-0x0000000000B6E000-0x0000000000BC5000-memory.dmp

Filesize
348KB

Download
memory/2416-131-0x00000000025F0000-0x0000000002679000-memory.dmp

Filesize
548KB

Download
memory/2416-132-0x0000000000400000-0x000000000088B000-memory.dmp

Filesize
4.5MB

Download
memory/2416-133-0x0000000000B6E000-0x0000000000BC5000-memory.dmp

Filesize
348KB

Download
memory/2416-134-0x0000000000400000-0x000000000088B000-memory.dmp

Filesize
4.5MB

Download