vidar | f89ea963fcb584772f149a3c6a576d2a8cb037b3f956ac43dfc9ca0abe310956 | Triage

Submit
Reports

Overview

overview

Static

static

f89ea963fc...6a.exe

windows7-x64

f89ea963fc...6a.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f89ea963fcb584772f149a3c6a576d2a8cb037b3f956a.exe
Size

422KB
Sample

230109-ttnfsseg87
MD5

19b18ab424c9bfe498094eab6e124eb8
SHA1

b78148d95360125fe8e778bbff8d41eb58c48ede
SHA256

f89ea963fcb584772f149a3c6a576d2a8cb037b3f956ac43dfc9ca0abe310956
SHA512

202f57aa334bed6c55731c79804a5d05e879b3b518483668d5d73848b5409882cc90f17a4735fbb6fddb0f0a3ce3bf36c9d022e59b850b77ba679201f9c40b0b
SSDEEP

6144:HoLb1OERwfgniUfKdZn20oOv2bXtirPnE3Z783CbhCWOued79ZDRBM++gw:HwbYERDno0r42bX983CbKuCnM++gw

Score

10^/10

vidar 19 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f89ea963fcb584772f149a3c6a576d2a8cb037b3f956a.exe

Resource

win7-20220901-en

vidar 19 stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

f89ea963fcb584772f149a3c6a576d2a8cb037b3f956a.exe

Resource

win10v2004-20220812-en

vidar 19 discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

1.9

Botnet

19

C2

https://t.me/travelticketshop

https://steamcommunity.com/profiles/76561199469016299

Attributes

profile_id
19

Targets

- Target
  
  f89ea963fcb584772f149a3c6a576d2a8cb037b3f956a.exe
- Size
  
  422KB
- MD5
  
  19b18ab424c9bfe498094eab6e124eb8
- SHA1
  
  b78148d95360125fe8e778bbff8d41eb58c48ede
- SHA256
  
  f89ea963fcb584772f149a3c6a576d2a8cb037b3f956ac43dfc9ca0abe310956
- SHA512
  
  202f57aa334bed6c55731c79804a5d05e879b3b518483668d5d73848b5409882cc90f17a4735fbb6fddb0f0a3ce3bf36c9d022e59b850b77ba679201f9c40b0b
- SSDEEP
  
  6144:HoLb1OERwfgniUfKdZn20oOv2bXtirPnE3Z783CbhCWOued79ZDRBM++gw:HwbYERDno0r42bX983CbKuCnM++gw
Score

10^/10

vidar 19 stealer discovery spyware
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar19discoveryspywarestealer

© 2018-2025

Terms | Privacy