vidar | 38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa | Triage

Submit
Reports

Overview

overview

Static

static

3

38b12248eb...fa.exe

windows7-x64

38b12248eb...fa.exe

windows10-2004-x64

Sharing

General

Target

38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa
Size

551KB
Sample

241004-ytw56aybkf
MD5

ea498476e2b5c2f16d1d4156366f2c0a
SHA1

3b32fd255292eeabc5360c0ec8b7e88d0b1c46e3
SHA256

38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa
SHA512

81cc501b9a7aeed02acf86f511371d6518a643e0c4f5ae49494fedfd29671947513b682f8602c5c0ed69f9cb368944471cd09fe7d7609c5593359d81a3560176
SSDEEP

12288:IKzXYJTVv8jNUQlvn/2S5caurW11dSbGQRSjnZFRK0N2egsP:IsCVtuQ+1zRKY/J

Score

10^/10

vidar discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa.exe

Resource

win7-20240729-en

vidar discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa.exe

Resource

win10v2004-20240910-en

vidar discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

http://proxy.johnmccrea.com/

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa
- Size
  
  551KB
- MD5
  
  ea498476e2b5c2f16d1d4156366f2c0a
- SHA1
  
  3b32fd255292eeabc5360c0ec8b7e88d0b1c46e3
- SHA256
  
  38b12248eb12eb0105d3ea03ac1a0aab17563757ddc16ce7d9bc6dbd4833f1fa
- SHA512
  
  81cc501b9a7aeed02acf86f511371d6518a643e0c4f5ae49494fedfd29671947513b682f8602c5c0ed69f9cb368944471cd09fe7d7609c5593359d81a3560176
- SSDEEP
  
  12288:IKzXYJTVv8jNUQlvn/2S5caurW11dSbGQRSjnZFRK0N2egsP:IsCVtuQ+1zRKY/J
Score

10^/10

vidar discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidardiscoverystealer

© 2018-2025

Terms | Privacy