vidar | 168e7f9a8b1925f76799a6f095ba5423f4e9fa224b14a9f2e64911e392ae1f90 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-09-30...xz.exe

windows7-x64

3

2024-09-30...xz.exe

windows10-2004-x64

Sharing

General

Target

2024-09-30_c90c19fa4ce7ada63c63295abe77249c_poet-rat_snatch_zxxz
Size

28.6MB
Sample

240930-rr18rszemn
MD5

c90c19fa4ce7ada63c63295abe77249c
SHA1

9e1089e885eb2c5049e1353d7cbdaefb410dacf2
SHA256

168e7f9a8b1925f76799a6f095ba5423f4e9fa224b14a9f2e64911e392ae1f90
SHA512

14282316e60b19c4e602f1c37183b2bb8cdf27173adb4426fef27ee3d90e2f4f53a6d93575d55dbcb4708dfec52a83a6d6812e8f418c27fe16ee6728432e348d
SSDEEP

196608:GXG1+T//QLRRIlc6WYyNOAGfa0Q4CGOZCStOutpAwfT:yj/XSDD4CGOZCy9tT7

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-09-30_c90c19fa4ce7ada63c63295abe77249c_poet-rat_snatch_zxxz.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-09-30_c90c19fa4ce7ada63c63295abe77249c_poet-rat_snatch_zxxz.exe

Resource

win10v2004-20240802-en

vidar credential_access discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/76561199768374681

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Targets

- Target
  
  2024-09-30_c90c19fa4ce7ada63c63295abe77249c_poet-rat_snatch_zxxz
- Size
  
  28.6MB
- MD5
  
  c90c19fa4ce7ada63c63295abe77249c
- SHA1
  
  9e1089e885eb2c5049e1353d7cbdaefb410dacf2
- SHA256
  
  168e7f9a8b1925f76799a6f095ba5423f4e9fa224b14a9f2e64911e392ae1f90
- SHA512
  
  14282316e60b19c4e602f1c37183b2bb8cdf27173adb4426fef27ee3d90e2f4f53a6d93575d55dbcb4708dfec52a83a6d6812e8f418c27fe16ee6728432e348d
- SSDEEP
  
  196608:GXG1+T//QLRRIlc6WYyNOAGfa0Q4CGOZCStOutpAwfT:yj/XSDD4CGOZCy9tT7
Score

10^/10

discovery vidar credential_access stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy