vidar | 0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

0f99eef343...02.exe

windows7-x64

0f99eef343...02.exe

windows10-2004-x64

Sharing

General

Target

0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402.bin
Size

688KB
Sample

230511-w7gxaabd8z
MD5

c9e2ee39f9899dcbb8b51de798971892
SHA1

9104f6cd9b9fa5f7269ed70a8355fc553275bdd9
SHA256

0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402
SHA512

8beb681d70df085fe2b7a1ed5cc69850be87e4d3281b9560aafef1358d495af54b3a45f6b2a3b80c44ab6801d0788148b1bdb5005de24e405f5ae4466cd7dcd4
SSDEEP

12288:ACxHDIAphovDRNKA4N058amG6JtR6wfTbTxwjfwxt:A2H0Apwnr4NuVqgowjfwx

Score

10^/10

vidar cdb48fb567690db37648afd4e1d83137 discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402.exe

Resource

win7-20230220-en

vidar cdb48fb567690db37648afd4e1d83137 discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402.exe

Resource

win10v2004-20230221-en

vidar cdb48fb567690db37648afd4e1d83137 discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

cdb48fb567690db37648afd4e1d83137

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre

Attributes

profile_id_v2
cdb48fb567690db37648afd4e1d83137
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

- Target
  
  0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402.bin
- Size
  
  688KB
- MD5
  
  c9e2ee39f9899dcbb8b51de798971892
- SHA1
  
  9104f6cd9b9fa5f7269ed70a8355fc553275bdd9
- SHA256
  
  0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402
- SHA512
  
  8beb681d70df085fe2b7a1ed5cc69850be87e4d3281b9560aafef1358d495af54b3a45f6b2a3b80c44ab6801d0788148b1bdb5005de24e405f5ae4466cd7dcd4
- SSDEEP
  
  12288:ACxHDIAphovDRNKA4N058amG6JtR6wfTbTxwjfwxt:A2H0Apwnr4NuVqgowjfwx
Score

10^/10

vidar cdb48fb567690db37648afd4e1d83137 discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcdb48fb567690db37648afd4e1d83137discoveryspywarestealer

behavioral2

vidarcdb48fb567690db37648afd4e1d83137discoveryspywarestealer

© 2018-2025

Terms | Privacy