vidar | 979e872622b1ae7ca6e9cb3599de8e400b3bfe537d3cb64261dffaa7956baa50 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

@#LATEST_S..._$.rar

windows7-x64

@#LATEST_S..._$.rar

windows10-1703-x64

@#LATEST_S..._$.rar

windows10-2004-x64

@#LATEST_S..._$.rar

windows11-21h2-x64

Sharing

General

Target

@#LATEST_SoftWare_2024_PASSCODE_$.rar
Size

51.5MB
Sample

240429-l8wfysge5s
MD5

c7c3d6aaa70594d6df0b8f3f40a7e2f6
SHA1

74f4da75221222f336009025a358366eaf6c1d68
SHA256

979e872622b1ae7ca6e9cb3599de8e400b3bfe537d3cb64261dffaa7956baa50
SHA512

c23ea4a4c280a529e798a89525fa14b02156d18e8029edb93920dcc1144d1346eb5ff18ebbc80caf55ab391205d7fa0b19d5dab1e029db523648e4b26f7af0b1
SSDEEP

786432:dMPQ7x53FKvsZTMlKxppk7c8joaJ6eWd7Gt9BZjQZfDG3q9PhUwuMr+NegCHR:dMP+/3F6StAoalWd7wOFawVRj

Score

10^/10

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer

Static task

static1

Behavioral task

behavioral1

Sample

@#LATEST_SoftWare_2024_PASSCODE_$.rar

Resource

win7-20240215-en

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer

windows7-x64

12 signatures

1800 seconds

Behavioral task

behavioral2

Sample

@#LATEST_SoftWare_2024_PASSCODE_$.rar

Resource

win10-20240404-en

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer

windows10-1703-x64

14 signatures

1800 seconds

Behavioral task

behavioral3

Sample

@#LATEST_SoftWare_2024_PASSCODE_$.rar

Resource

win10v2004-20240419-en

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer

windows10-2004-x64

14 signatures

1800 seconds

Behavioral task

behavioral4

Sample

@#LATEST_SoftWare_2024_PASSCODE_$.rar

Resource

win11-20240419-en

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer

windows11-21h2-x64

15 signatures

1800 seconds

Malware Config

Extracted

Family

vidar

Botnet

04eb8f77b9c9e4d5a6a6e5a3b727c27e

C2

https://graims.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
04eb8f77b9c9e4d5a6a6e5a3b727c27e
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

- Target
  
  @#LATEST_SoftWare_2024_PASSCODE_$.rar
- Size
  
  51.5MB
- MD5
  
  c7c3d6aaa70594d6df0b8f3f40a7e2f6
- SHA1
  
  74f4da75221222f336009025a358366eaf6c1d68
- SHA256
  
  979e872622b1ae7ca6e9cb3599de8e400b3bfe537d3cb64261dffaa7956baa50
- SHA512
  
  c23ea4a4c280a529e798a89525fa14b02156d18e8029edb93920dcc1144d1346eb5ff18ebbc80caf55ab391205d7fa0b19d5dab1e029db523648e4b26f7af0b1
- SSDEEP
  
  786432:dMPQ7x53FKvsZTMlKxppk7c8joaJ6eWd7Gt9BZjQZfDG3q9PhUwuMr+NegCHR:dMP+/3F6StAoalWd7wOFawVRj
Score

10^/10

vidar 04eb8f77b9c9e4d5a6a6e5a3b727c27e stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar04eb8f77b9c9e4d5a6a6e5a3b727c27estealer

behavioral2

vidar04eb8f77b9c9e4d5a6a6e5a3b727c27estealer

behavioral3

vidar04eb8f77b9c9e4d5a6a6e5a3b727c27estealer

behavioral4

vidar04eb8f77b9c9e4d5a6a6e5a3b727c27estealer

© 2018-2025

Terms | Privacy