vidar | 51c5d0be8f9b5fcab2c0561c1f7df429cfdf9ad0815acd9603ffa0439f6f5271 | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows10-1703-x64

Sharing

General

Target

Setup.exe
Size

3.0MB
Sample

240203-zhqdxahhd5
MD5

c8f647f4e670426ce42b82a7ab6becb2
SHA1

d477236d1c0874d7d45718c4eff1ef7a8ae69344
SHA256

51c5d0be8f9b5fcab2c0561c1f7df429cfdf9ad0815acd9603ffa0439f6f5271
SHA512

0a0fc42f3437e7108627b02cabac9c43cf2dfff4d8de62780183699454e344ead0395fb945b99e7f2cb2d0b6057a2865c6031430ce580a640861f65ea5cabe56
SSDEEP

49152:faiyu1OZJxjqxxQ4tg+7lH5Q6y5QzQHHp/prL38pu+X5/LKLLPDM2FTDpIsOVUTg:SZu1OLZqf3rgh5QUnp13b4eFH02TG

Score

10^/10

vidar 8de874fe964a942b8bd50b84d393b6f8 evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10-20231220-en

vidar 8de874fe964a942b8bd50b84d393b6f8 evasion stealer themida trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

7.6

Botnet

8de874fe964a942b8bd50b84d393b6f8

C2

https://t.me/tvrugrats

https://steamcommunity.com/profiles/76561199627279110

Attributes

profile_id_v2
8de874fe964a942b8bd50b84d393b6f8

Targets

- Target
  
  Setup.exe
- Size
  
  3.0MB
- MD5
  
  c8f647f4e670426ce42b82a7ab6becb2
- SHA1
  
  d477236d1c0874d7d45718c4eff1ef7a8ae69344
- SHA256
  
  51c5d0be8f9b5fcab2c0561c1f7df429cfdf9ad0815acd9603ffa0439f6f5271
- SHA512
  
  0a0fc42f3437e7108627b02cabac9c43cf2dfff4d8de62780183699454e344ead0395fb945b99e7f2cb2d0b6057a2865c6031430ce580a640861f65ea5cabe56
- SSDEEP
  
  49152:faiyu1OZJxjqxxQ4tg+7lH5Q6y5QzQHHp/prL38pu+X5/LKLLPDM2FTDpIsOVUTg:SZu1OLZqf3rgh5QUnp13b4eFH02TG
Score

10^/10

vidar 8de874fe964a942b8bd50b84d393b6f8 evasion stealer themida trojan
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar8de874fe964a942b8bd50b84d393b6f8evasionstealerthemidatrojan

© 2018-2025

Terms | Privacy