vidar | 4d8488f25d83126b217c7331d34758c9e75f20b63478d386fcc1f6d8738debeb | Triage

Submit
Reports

Overview

overview

Static

static

1

fa41bf610e...74.exe

windows7-x64

fa41bf610e...74.exe

windows10-2004-x64

Sharing

General

Target

0891d36dd26059e8a74ada84fd9885e5.bin
Size

3.3MB
Sample

240720-bc68gasfpe
MD5

2a56302359d970013509c63197ade132
SHA1

5dab247314bcb895e075b23734ccaefe58fe2189
SHA256

4d8488f25d83126b217c7331d34758c9e75f20b63478d386fcc1f6d8738debeb
SHA512

ac7a8d6c2b19251e8088841acac644c32f20dcd30575ff83d554c5bca14e2ff34c9194d7243fee8d354c93e97e3b0cd7e1a168533b1a2d72877e6544a483908b
SSDEEP

49152:wlVy3KamcqrgDycEcpRh/YU2NoNLQPE+nFij1p3UeNF+ZnU2MQGzag91sGw:KXTrM6cTh/MNo+E+nFigKqLa1W

Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674.exe

Resource

win7-20240708-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674.exe

Resource

win10v2004-20240709-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.5

Botnet

3a901b2c4dd248059af72250cf07aba7

C2

https://t.me/s41l0

https://steamcommunity.com/profiles/76561199743486170

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36

Targets

- Target
  
  fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674.exe
- Size
  
  5.2MB
- MD5
  
  0891d36dd26059e8a74ada84fd9885e5
- SHA1
  
  743f9e888626f1313ef387e4fe4d16c86f092ef9
- SHA256
  
  fa41bf610e2af66a75a73cb1d348aecc9a275756710c05be99220bbddbd34674
- SHA512
  
  874bf077b0878deefae6542d48057aa4291bbb73747da90d24e7b8721c96a83768dd6a9dcc1dd4b00200185a50a4066f3cffd0c09e042863ba0396ac56297782
- SSDEEP
  
  98304:zKWiKUEpu5K2BgXs3eR6xH/KtnojpHXrD8Xs91Ae7Vfy2R1:zKWiKU+AGXuocUnojRXrD8Xs9V7ly2j
Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

behavioral2

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

© 2018-2025

Terms | Privacy