vidar | 5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5
Size

858KB
Sample

240915-qaspmavbmf
MD5

02edfdc2fb2ff2725436b7646b7f06ad
SHA1

6b6f8ce5a57d18284afd2f819a713b1066fd6660
SHA256

5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5
SHA512

62130603d4a276d5b2f19e14519e4a28c592646602a36a80cfbf4b6e3c5daa191c04a165165985940f4c1b0376fb34dd7253586d44042f4883bdb395f486b0dd
SSDEEP

24576:gICXIncUD5fti6zrGgfF/4l2CxeE6ivsT8FTTnW:DiC5tiol4lrPvsUT

Score

10^/10

vidar 2e711c8b5340db8e327be6ebd943b70a credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5.exe

Resource

win10v2004-20240802-en

vidar 2e711c8b5340db8e327be6ebd943b70a credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5.exe

Resource

win11-20240802-en

vidar 2e711c8b5340db8e327be6ebd943b70a credential_access discovery spyware stealer

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.6

Botnet

2e711c8b5340db8e327be6ebd943b70a

C2

https://steamcommunity.com/profiles/76561199747278259

https://t.me/armad2a

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36

Targets

- Target
  
  5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5
- Size
  
  858KB
- MD5
  
  02edfdc2fb2ff2725436b7646b7f06ad
- SHA1
  
  6b6f8ce5a57d18284afd2f819a713b1066fd6660
- SHA256
  
  5404b9605d8226e51c5a2e9d4f63b31dc96539ecbff11c14138016e7838da1e5
- SHA512
  
  62130603d4a276d5b2f19e14519e4a28c592646602a36a80cfbf4b6e3c5daa191c04a165165985940f4c1b0376fb34dd7253586d44042f4883bdb395f486b0dd
- SSDEEP
  
  24576:gICXIncUD5fti6zrGgfF/4l2CxeE6ivsT8FTTnW:DiC5tiol4lrPvsUT
Score

10^/10

vidar 2e711c8b5340db8e327be6ebd943b70a credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar2e711c8b5340db8e327be6ebd943b70acredential_accessdiscoveryspywarestealer

behavioral2

vidar2e711c8b5340db8e327be6ebd943b70acredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy