vidar | fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

5.2MB
Sample

240718-xlbzksvekh
MD5

0891d36dd26059e8a74ada84fd9885e5
SHA1

743f9e888626f1313ef387e4fe4d16c86f092ef9
SHA256

fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674
SHA512

874bf077b0878deefae6542d48057aa4291bbb73747da90d24e7b8721c96a83768dd6a9dcc1dd4b00200185a50a4066f3cffd0c09e042863ba0396ac56297782
SSDEEP

98304:zKWiKUEpu5K2BgXs3eR6xH/KtnojpHXrD8Xs91Ae7Vfy2R1:zKWiKU+AGXuocUnojRXrD8Xs9V7ly2j

Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20240704-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20240709-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.5

Botnet

3a901b2c4dd248059af72250cf07aba7

C2

https://t.me/s41l0

https://steamcommunity.com/profiles/76561199743486170

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36

Targets

- Target
  
  file.exe
- Size
  
  5.2MB
- MD5
  
  0891d36dd26059e8a74ada84fd9885e5
- SHA1
  
  743f9e888626f1313ef387e4fe4d16c86f092ef9
- SHA256
  
  fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674
- SHA512
  
  874bf077b0878deefae6542d48057aa4291bbb73747da90d24e7b8721c96a83768dd6a9dcc1dd4b00200185a50a4066f3cffd0c09e042863ba0396ac56297782
- SSDEEP
  
  98304:zKWiKUEpu5K2BgXs3eR6xH/KtnojpHXrD8Xs91Ae7Vfy2R1:zKWiKU+AGXuocUnojRXrD8Xs9V7ly2j
Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

behavioral2

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

© 2018-2025

Terms | Privacy