vidar | c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

c1b3b50c6a...d7.exe

windows7-x64

c1b3b50c6a...d7.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7.exe
Size

4.8MB
Sample

240810-b4bwmszenk
MD5

f3d762fb769f1b2bd26865e91466d473
SHA1

11adc51a020062bfe97c5d0b0e8400c163d73bed
SHA256

c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7
SHA512

b3debb1f56949e56785559591e9dd6877513e170a5311ef13856364703cdcc3f70b7b9dcf131d46c20f7d65feef507805ad89bd4469b2400e0323e3436e00607
SSDEEP

49152:GXU7GvcT28J03pVikASp1vYpDbG2b2zjx9oeL5EmmHJju05aIAUXSjNJ:GXU7r03pViaEDbG2bo/tEmmju05HAGs

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7.exe

Resource

win7-20240704-en

vidar credential_access discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7.exe

Resource

win10v2004-20240802-en

vidar credential_access discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199747278259

https://t.me/armad2a

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36

Targets

- Target
  
  c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7.exe
- Size
  
  4.8MB
- MD5
  
  f3d762fb769f1b2bd26865e91466d473
- SHA1
  
  11adc51a020062bfe97c5d0b0e8400c163d73bed
- SHA256
  
  c1b3b50c6ab0ed4e6e453cd5762585cd10876007f4a2de76fb26f498350c92d7
- SHA512
  
  b3debb1f56949e56785559591e9dd6877513e170a5311ef13856364703cdcc3f70b7b9dcf131d46c20f7d65feef507805ad89bd4469b2400e0323e3436e00607
- SSDEEP
  
  49152:GXU7GvcT28J03pVikASp1vYpDbG2b2zjx9oeL5EmmHJju05aIAUXSjNJ:GXU7r03pViaEDbG2bo/tEmmju05HAGs
Score

10^/10

vidar credential_access discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoverystealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy