vidar | 4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347 | Triage

Submit
Reports

Overview

overview

Static

static

1

Unlock_Tool.zip

windows11-21h2-x64

Sharing

General

Target

Unlock_Tool.zip
Size

43.6MB
Sample

241005-wsj34aycml
MD5

0a8d7bae2ecf1feda2e708843addc017
SHA1

6c051d228351ea9e94e05f08f40e3ef13bb291c7
SHA256

4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347
SHA512

9fb70dc761492973ae0a6ef6420f199fd68f78d09f4484a9899cc5a2a1f2173e3a4e6f05f0ef86f42035b5a9bd7884aef00d4194564081ac1c9913cf6b3e588b
SSDEEP

786432:ewwzTXNNsEjvepzt/EBIgSG/RZhz7nIK7SdwtctWZ1VwEb/wzkXRr2jkzTE:+swUzt/KSGfxDuGiI/HkQzTE

Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Unlock_Tool.zip

Resource

win11-20240802-en

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

windows11-21h2-x64

20 signatures

600 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

962abdb0b49579401d25d63a1f697be6

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  Unlock_Tool.zip
- Size
  
  43.6MB
- MD5
  
  0a8d7bae2ecf1feda2e708843addc017
- SHA1
  
  6c051d228351ea9e94e05f08f40e3ef13bb291c7
- SHA256
  
  4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347
- SHA512
  
  9fb70dc761492973ae0a6ef6420f199fd68f78d09f4484a9899cc5a2a1f2173e3a4e6f05f0ef86f42035b5a9bd7884aef00d4194564081ac1c9913cf6b3e588b
- SSDEEP
  
  786432:ewwzTXNNsEjvepzt/EBIgSG/RZhz7nIK7SdwtctWZ1VwEb/wzkXRr2jkzTE:+swUzt/KSGfxDuGiI/HkQzTE
Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar962abdb0b49579401d25d63a1f697be6credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy