vidar | 2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6
Size

5.3MB
Sample

240722-fpyt3szenr
MD5

ceb30eeedfc8a3ec47ab32932937a258
SHA1

cd7b3450205111b5f9a39e83c71c34f498ac3262
SHA256

2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6
SHA512

1c735264adc4a78af8a454120cb43ecc9a99b8df621af4cc8127ddb84584e5a90db7ffc8f456fdbdfa1c705b62c5abd609faa9b8f0f85c051327a0bd0b34949f
SSDEEP

98304:MZ9Qmqa37Elva2lJXsP5j7Ec+i5vU52Vae+S8u:MZ9Qmqa3Ala2lNG5nEc+ilUfbS8

Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6.exe

Resource

win7-20240705-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6.exe

Resource

win10-20240404-en

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

10.5

Botnet

3a901b2c4dd248059af72250cf07aba7

C2

https://t.me/s41l0

https://steamcommunity.com/profiles/76561199743486170

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36

Targets

- Target
  
  2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6
- Size
  
  5.3MB
- MD5
  
  ceb30eeedfc8a3ec47ab32932937a258
- SHA1
  
  cd7b3450205111b5f9a39e83c71c34f498ac3262
- SHA256
  
  2ccc095e2b7de720513d290dea7ad6cde991ebd3773f5140489a461873cb2ba6
- SHA512
  
  1c735264adc4a78af8a454120cb43ecc9a99b8df621af4cc8127ddb84584e5a90db7ffc8f456fdbdfa1c705b62c5abd609faa9b8f0f85c051327a0bd0b34949f
- SSDEEP
  
  98304:MZ9Qmqa37Elva2lJXsP5j7Ec+i5vU52Vae+S8u:MZ9Qmqa3Ala2lNG5nEc+ilUfbS8
Score

10^/10

vidar 3a901b2c4dd248059af72250cf07aba7 spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

behavioral2

vidar3a901b2c4dd248059af72250cf07aba7spywarestealer

© 2018-2025

Terms | Privacy