vidar | 81a69ae81239de2b87658d6056fe0b9dfb1663c5dacc279646a22b47af06c478 | Triage

Submit
Reports

Overview

overview

Static

static

3

88f173d310...KI.exe

windows7-x64

88f173d310...KI.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

88f173d3106eec489eeb0cfb9d93ab90_NEIKI
Size

276KB
Sample

240508-2vzt8aca4y
MD5

88f173d3106eec489eeb0cfb9d93ab90
SHA1

8ea7e398491bdd803956ba29660a6d5fe7c69692
SHA256

81a69ae81239de2b87658d6056fe0b9dfb1663c5dacc279646a22b47af06c478
SHA512

510832b3a68c9e9839763736e49eaa9cfd5d4dc00e8b17edec18e56d0252e8077485d1b56eabbc2b658badbb579d610ef1c0e32505389ec429f314d4fd43ce3f
SSDEEP

3072:TAfmxj3LlZF9H+52cTKqRMIsWkll98jTfjBbBBhRXQrt7ovbeBT:/lp9m2cTUqASTfj9B5k9M

Score

10^/10

vidar d1fd1813828c51f2b0fb9c5d1459b66c discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

88f173d3106eec489eeb0cfb9d93ab90_NEIKI.exe

Resource

win7-20240221-en

vidar d1fd1813828c51f2b0fb9c5d1459b66c discovery spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

88f173d3106eec489eeb0cfb9d93ab90_NEIKI.exe

Resource

win10v2004-20240508-en

vidar d1fd1813828c51f2b0fb9c5d1459b66c discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

6.5

Botnet

d1fd1813828c51f2b0fb9c5d1459b66c

C2

https://t.me/starcofeeth

https://steamcommunity.com/profiles/76561199571056594

Attributes

profile_id_v2
d1fd1813828c51f2b0fb9c5d1459b66c
user_agent
Mozilla/5.0 (X11; CrOS x86_64 15329.59.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Targets

- Target
  
  88f173d3106eec489eeb0cfb9d93ab90_NEIKI
- Size
  
  276KB
- MD5
  
  88f173d3106eec489eeb0cfb9d93ab90
- SHA1
  
  8ea7e398491bdd803956ba29660a6d5fe7c69692
- SHA256
  
  81a69ae81239de2b87658d6056fe0b9dfb1663c5dacc279646a22b47af06c478
- SHA512
  
  510832b3a68c9e9839763736e49eaa9cfd5d4dc00e8b17edec18e56d0252e8077485d1b56eabbc2b658badbb579d610ef1c0e32505389ec429f314d4fd43ce3f
- SSDEEP
  
  3072:TAfmxj3LlZF9H+52cTKqRMIsWkll98jTfjBbBBhRXQrt7ovbeBT:/lp9m2cTUqASTfj9B5k9M
Score

10^/10

vidar d1fd1813828c51f2b0fb9c5d1459b66c discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidard1fd1813828c51f2b0fb9c5d1459b66cdiscoveryspywarestealer

behavioral2

vidard1fd1813828c51f2b0fb9c5d1459b66cdiscoveryspywarestealer

© 2018-2025

Terms | Privacy