vidar | c40ca1b97583129f36b23afbf631cea540956a2de185b3a0e62feea244bd23a2 | Triage

Submit
Reports

Overview

overview

Static

static

1

Lauucher-P...24.rar

windows10-2004-x64

Sharing

General

Target

Lauucher-PC_S0FTv2O24.rar
Size

123.0MB
Sample

240229-vn9brafc4z
MD5

85ae2bb9a48d19eb1e251e4c639623b4
SHA1

2d5bd9af080ca22df3c9349fbb763e8f306b50f4
SHA256

c40ca1b97583129f36b23afbf631cea540956a2de185b3a0e62feea244bd23a2
SHA512

ecb320c7837300737fc47148a6d2eba52fe7a1f285e7a91510b92fec27aa042bbeef7e8b6fbe64166c9356ec30a63d305ca40004572dc3cec57b848a7f6796da
SSDEEP

3145728:JBlgdsv/MHqp/BMCgpnlBIeHSHK0xkOeCbJfxS2C4CeGcsxabBx:JLmsv/cqpZMCSlO6wk5CbJfxLC8jsxaT

Score

10^/10

vidar 97b92d10859a319d8736cd53ff3f8868 stealer

Static task

static1

Behavioral task

behavioral1

Sample

Lauucher-PC_S0FTv2O24.rar

Resource

win10v2004-20240226-es

vidar 97b92d10859a319d8736cd53ff3f8868 stealer

windows10-2004-x64

13 signatures

600 seconds

Malware Config

Extracted

Family

vidar

Version

7.8

Botnet

97b92d10859a319d8736cd53ff3f8868

C2

http://5.252.118.12:80

https://t.me/voolkisms

https://t.me/karl3on

https://steamcommunity.com/profiles/76561199637071579

Attributes

profile_id_v2
97b92d10859a319d8736cd53ff3f8868
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets

- Target
  
  Lauucher-PC_S0FTv2O24.rar
- Size
  
  123.0MB
- MD5
  
  85ae2bb9a48d19eb1e251e4c639623b4
- SHA1
  
  2d5bd9af080ca22df3c9349fbb763e8f306b50f4
- SHA256
  
  c40ca1b97583129f36b23afbf631cea540956a2de185b3a0e62feea244bd23a2
- SHA512
  
  ecb320c7837300737fc47148a6d2eba52fe7a1f285e7a91510b92fec27aa042bbeef7e8b6fbe64166c9356ec30a63d305ca40004572dc3cec57b848a7f6796da
- SSDEEP
  
  3145728:JBlgdsv/MHqp/BMCgpnlBIeHSHK0xkOeCbJfxS2C4CeGcsxabBx:JLmsv/cqpZMCSlO6wk5CbJfxLC8jsxaT
Score

10^/10

vidar 97b92d10859a319d8736cd53ff3f8868 stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vidar97b92d10859a319d8736cd53ff3f8868stealer

© 2018-2024

Terms | Privacy