vidar | 4dcd62b4caace67ea5ba7a98c98979999ce775168fc3d9f1e94c7ec2f46eb4cb | Triage

Submit
Reports

Overview

overview

Static

static

7

setupfile2...ed.exe

windows10-2004-x64

Sharing

General

Target

setupfile2.8.1-truncated.exe
Size

2.0MB
Sample

230130-3erpcaeg8s
MD5

d933f16c807e4e4ddb28d4257ba7599f
SHA1

00fb91289acac5308020a880a1866363e96e0094
SHA256

4dcd62b4caace67ea5ba7a98c98979999ce775168fc3d9f1e94c7ec2f46eb4cb
SHA512

c6ef0af00c8a198aae3dd42b82d63ee76812c91aa531b4d6aa097d10423cbcb726688810bfa07c2bf144230d2b0fb930e234abab824aac87815bbb729db3624f
SSDEEP

49152:8q6SQ9bJ24qRD1Wgi1SiXrTrhCcNRhix:oZJ2/RD1Wgi1SiTocNRhix

Score

10^/10

vidar 656 agilenet spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

setupfile2.8.1-truncated.exe

Resource

win10v2004-20220812-en

vidar 656 agilenet spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

656

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123

Attributes

profile_id
656

Targets

- Target
  
  setupfile2.8.1-truncated.exe
- Size
  
  2.0MB
- MD5
  
  d933f16c807e4e4ddb28d4257ba7599f
- SHA1
  
  00fb91289acac5308020a880a1866363e96e0094
- SHA256
  
  4dcd62b4caace67ea5ba7a98c98979999ce775168fc3d9f1e94c7ec2f46eb4cb
- SHA512
  
  c6ef0af00c8a198aae3dd42b82d63ee76812c91aa531b4d6aa097d10423cbcb726688810bfa07c2bf144230d2b0fb930e234abab824aac87815bbb729db3624f
- SSDEEP
  
  49152:8q6SQ9bJ24qRD1Wgi1SiXrTrhCcNRhix:oZJ2/RD1Wgi1SiTocNRhix
Score

10^/10

vidar 656 agilenet spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar656agilenetspywarestealer

© 2018-2025

Terms | Privacy