vidar | 3f92fd1cbc5200c8311a20e4a19b37e11fef32c23738c79a9e331f3d9ebbfb75 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

05bae311bb...ed.exe

windows7-x64

05bae311bb...ed.exe

windows10-2004-x64

Sharing

General

Target

05bae311bb96de87f65d0e3548d4c2ed.exe
Size

7.5MB
Sample

220924-3w971sdgdn
MD5

05bae311bb96de87f65d0e3548d4c2ed
SHA1

31a99d3628f9e28e4905a7f6c15f4dd6c76c2244
SHA256

3f92fd1cbc5200c8311a20e4a19b37e11fef32c23738c79a9e331f3d9ebbfb75
SHA512

fb3bca90cc76dfc80ad8eaf446ddded735e6788317797a1c01de1a056c171cb51bf8fc41963f4699dcf0ffc9133d43e5f9efd01114b26925144266bc739610ec
SSDEEP

196608:ewTq2Da99eBrjW+4YkvY5ENNfrxQcSjkpgz1tyOigbPcjQ68XGAaePpfj8uCPaF7:eUEFYRdK

Score

10^/10

vidar 1680 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

05bae311bb96de87f65d0e3548d4c2ed.exe

Resource

win7-20220812-en

vidar 1680 stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

05bae311bb96de87f65d0e3548d4c2ed.exe

Resource

win10v2004-20220901-en

vidar 1680 discovery spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1680

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975

Attributes

profile_id
1680

Targets

- Target
  
  05bae311bb96de87f65d0e3548d4c2ed.exe
- Size
  
  7.5MB
- MD5
  
  05bae311bb96de87f65d0e3548d4c2ed
- SHA1
  
  31a99d3628f9e28e4905a7f6c15f4dd6c76c2244
- SHA256
  
  3f92fd1cbc5200c8311a20e4a19b37e11fef32c23738c79a9e331f3d9ebbfb75
- SHA512
  
  fb3bca90cc76dfc80ad8eaf446ddded735e6788317797a1c01de1a056c171cb51bf8fc41963f4699dcf0ffc9133d43e5f9efd01114b26925144266bc739610ec
- SSDEEP
  
  196608:ewTq2Da99eBrjW+4YkvY5ENNfrxQcSjkpgz1tyOigbPcjQ68XGAaePpfj8uCPaF7:eUEFYRdK
Score

10^/10

vidar 1680 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1680stealer

behavioral2

vidar1680discoveryspywarestealer

© 2018-2025

Terms | Privacy