vidar | 7e98e12c73ba2b3cc31c1d6b3b507e434b5a52fd85c9bcf190c684bd706e281a | Triage

Submit
Reports

Overview

overview

Static

static

1

Installer_...45.rar

windows10-2004-x64

Sharing

General

Target

Installer_pswd_12345.rar
Size

23.9MB
Sample

240129-rl9b7adbaj
MD5

e8f8dfddd6c02017cc81f9d63c8f7ec3
SHA1

bc536f36dbcc2c26b2cc8d00d5ed4a9620136c39
SHA256

7e98e12c73ba2b3cc31c1d6b3b507e434b5a52fd85c9bcf190c684bd706e281a
SHA512

8ae8fa85823744a19e9dcf7c7326abca219e25c95d009e1ae2cb0135f6568c05aa21baf16dad3771cd4d124771f498e2d351d9ba6d168f3b089d809f75ce146d
SSDEEP

393216:w8HVqwk8k0hhbYjMd6Nm2uWpFmKwKpB6pHpuQv7erFJksa93F7nQJ6TdcLjIPN3i:bVc8k0UjxNm0CkBuJuQaJVulcoPhi5MA

Score

10^/10

vidar 8fc1cae2d848b9f26e1bb4d2655aff86 stealer

Static task

static1

Behavioral task

behavioral1

Sample

Installer_pswd_12345.rar

Resource

win10v2004-20231215-en

vidar 8fc1cae2d848b9f26e1bb4d2655aff86 stealer

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

7.6

Botnet

8fc1cae2d848b9f26e1bb4d2655aff86

C2

https://t.me/tvrugrats

https://steamcommunity.com/profiles/76561199627279110

Attributes

profile_id_v2
8fc1cae2d848b9f26e1bb4d2655aff86

Targets

- Target
  
  Installer_pswd_12345.rar
- Size
  
  23.9MB
- MD5
  
  e8f8dfddd6c02017cc81f9d63c8f7ec3
- SHA1
  
  bc536f36dbcc2c26b2cc8d00d5ed4a9620136c39
- SHA256
  
  7e98e12c73ba2b3cc31c1d6b3b507e434b5a52fd85c9bcf190c684bd706e281a
- SHA512
  
  8ae8fa85823744a19e9dcf7c7326abca219e25c95d009e1ae2cb0135f6568c05aa21baf16dad3771cd4d124771f498e2d351d9ba6d168f3b089d809f75ce146d
- SSDEEP
  
  393216:w8HVqwk8k0hhbYjMd6Nm2uWpFmKwKpB6pHpuQv7erFJksa93F7nQJ6TdcLjIPN3i:bVc8k0UjxNm0CkBuJuQaJVulcoPhi5MA
Score

10^/10

vidar 8fc1cae2d848b9f26e1bb4d2655aff86 stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar8fc1cae2d848b9f26e1bb4d2655aff86stealer

© 2018-2025

Terms | Privacy