vidar | 093ba86ff95c854bf65b00fa0cdf654f9785c4a5695a172a1e696d06bbe29952 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup_9988_Password.rar
Size

6.8MB
Sample

240926-nwwbjaydjg
MD5

d249ef18a11ed4dcc480371932d04a23
SHA1

2d23ff8cf793892033ed13d170fdecb7579ec16b
SHA256

093ba86ff95c854bf65b00fa0cdf654f9785c4a5695a172a1e696d06bbe29952
SHA512

dd54c571368114136b1dab460bb6237e1e54009617e154e3cc2081a57e351dbbc192f875aedf1dda1d3e5bafbb674e93256653300f3a01a5155cd73019bc1d61
SSDEEP

196608:IXieaN4vWTji2TXMu8CDRoEpvGn9dGO4c/Pox:GYqvf2Qu8CDGE414Vx

Score

10^/10

vidar 79a8b6682d9ea00c2d6adf6f75870831 discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240903-en

vidar 79a8b6682d9ea00c2d6adf6f75870831 discovery persistence privilege_escalation stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20240802-en

vidar 79a8b6682d9ea00c2d6adf6f75870831 discovery persistence privilege_escalation stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

79a8b6682d9ea00c2d6adf6f75870831

C2

https://88.198.107.6

https://t.me/newagev

https://steamcommunity.com/profiles/76561199631487327

Attributes

profile_id_v2
79a8b6682d9ea00c2d6adf6f75870831

Targets

- Target
  
  Setup.exe
- Size
  
  202KB
- MD5
  
  64179e64675e822559cac6652298bdfc
- SHA1
  
  cceed3b2441146762512918af7bf7f89fb055583
- SHA256
  
  c26db97858c427d92e393396f7cb7f9e7ed8f9ce616adcc123d0ec6b055b99c9
- SHA512
  
  ef740b35ea5190f8ee47776af1f15ebdd54d39c84da5665e64f67ae6dd0f4b181e955e9a35319a5d0bd764972562e8f2bc44dbdf83c3bedf05674eae902e7280
- SSDEEP
  
  3072:EMtKztOp6KfOQqoY3ltdNjlcwsSdplkrxf+Uyecgw:ELKfOQLY3l9jlcwnlUf+z7gw
Score

10^/10

vidar 79a8b6682d9ea00c2d6adf6f75870831 discovery persistence privilege_escalation stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar79a8b6682d9ea00c2d6adf6f75870831discoverypersistenceprivilege_escalationstealer

behavioral2

vidar79a8b6682d9ea00c2d6adf6f75870831discoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy