vidar | b308ef119eeb47eccbe6c31004f34f68e1816e8d5f37785568f634f28f1fea78 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

AnyDesk/AnyDesk.exe

windows7-x64

AnyDesk/AnyDesk.exe

windows10-2004-x64

Sharing

General

Target

AnyDesk.zip
Size

5.2MB
Sample

221014-l3s4msaddl
MD5

3d172848ceb6b8464948e97e50655fa7
SHA1

6d402377c5cc98819e8d0e4dbcf511703cccb7d8
SHA256

b308ef119eeb47eccbe6c31004f34f68e1816e8d5f37785568f634f28f1fea78
SHA512

702c0a291d28d9bad0debe1999291d4044ed1db29131044a3862a512f183efc7a0d8112e089508bab46ba54c1347e441b7b5dfe2bd564a4800e5574b3dfa2e66
SSDEEP

98304:6OlsVrxlZxgG19hXMhw1VhTJ97dcVHV3fj8aR2Wz5KDDZKcM:6usVlrFVddcVHNNR2W45bM

Score

10^/10

vidar 1340 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk/AnyDesk.exe

Resource

win7-20220901-en

vidar 1340 spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

AnyDesk/AnyDesk.exe

Resource

win10v2004-20220812-en

vidar 1340 discovery spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55

Botnet

1340

C2

https://t.me/truewallets

https://mas.to/@zara99

http://116.203.10.3:80

Attributes

profile_id
1340

Targets

- Target
  
  AnyDesk/AnyDesk.exe
- Size
  
  700.0MB
- MD5
  
  fd63fa7df8db3392b0200021f20bfea0
- SHA1
  
  d1a39db7ed2d9ab3b49a91b94481dd7a4d4cc2aa
- SHA256
  
  5861d5cc8e59860c0e0d54a78ee3ae6e0f2c25cbea56aee62443129c546ea033
- SHA512
  
  ee4a0d4c5265ed5af24942aefb635596a3de7c961553aa129346d411bbcf1fd3595c75fedaaa8dd5d64f5be984a9cdf25c7564a7c7b0f3d9d169498027cbb385
- SSDEEP
  
  98304:3y8sus1dhVMv8tDXvT19ncjZj3djEeZeOdfmZ/vl1:3yTJD7ncjZzBZeOYFl1
Score

10^/10

vidar 1340 spyware stealer discovery
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar1340spywarestealer

behavioral2

vidar1340discoveryspywarestealer

© 2018-2025

Terms | Privacy