vidar | 505d85e3f2cc036bd585825a9bf3fd03a90a849d76dc29e842a1b3725d0b86ce | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

13.3MB
Sample

230216-vbmbfsaf63
MD5

c8c0bd9fb6afbc25324d767ff3f83b05
SHA1

8399edd9967a9b0a909e98f0ce311ebfa3402ea0
SHA256

505d85e3f2cc036bd585825a9bf3fd03a90a849d76dc29e842a1b3725d0b86ce
SHA512

03e28fef1d830cada115f49d5ed6b85199df3fcd953ca37443e96c2538ba37fc9c3b766f14447aa114fa16b2e9177db741e5b209b0e2479f3b672a0569a70792
SSDEEP

196608:cu3r9+J1zWgjWfVKyLsVXVe7Z2LXOVseTDCOBv9CpsN67lt4xAttU0FEFNPzHUdO:5MJ1zWgCcYYh+VsXOR9CpsAt4xUwNr0Q

Score

10^/10

vidar 645 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

vidar 645 discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20221111-en

vidar 645 discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

645

Attributes

profile_id
645

Targets

- Target
  
  tmp
- Size
  
  13.3MB
- MD5
  
  c8c0bd9fb6afbc25324d767ff3f83b05
- SHA1
  
  8399edd9967a9b0a909e98f0ce311ebfa3402ea0
- SHA256
  
  505d85e3f2cc036bd585825a9bf3fd03a90a849d76dc29e842a1b3725d0b86ce
- SHA512
  
  03e28fef1d830cada115f49d5ed6b85199df3fcd953ca37443e96c2538ba37fc9c3b766f14447aa114fa16b2e9177db741e5b209b0e2479f3b672a0569a70792
- SSDEEP
  
  196608:cu3r9+J1zWgjWfVKyLsVXVe7Z2LXOVseTDCOBv9CpsN67lt4xAttU0FEFNPzHUdO:5MJ1zWgCcYYh+VsXOR9CpsAt4xUwNr0Q
Score

10^/10

vidar 645 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar645discoveryspywarestealer

behavioral2

vidar645discoveryspywarestealer

© 2018-2025

Terms | Privacy