vidar | 4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347 | Triage

Submit
Reports

Overview

overview

Static

static

3

Unlock_Tool_1.9.exe

windows10-2004-x64

Sharing

General

Target

Unlock_Tool (linkedin).zip
Size

43.6MB
Sample

241006-jn6p3swakq
MD5

0a8d7bae2ecf1feda2e708843addc017
SHA1

6c051d228351ea9e94e05f08f40e3ef13bb291c7
SHA256

4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347
SHA512

9fb70dc761492973ae0a6ef6420f199fd68f78d09f4484a9899cc5a2a1f2173e3a4e6f05f0ef86f42035b5a9bd7884aef00d4194564081ac1c9913cf6b3e588b
SSDEEP

786432:ewwzTXNNsEjvepzt/EBIgSG/RZhz7nIK7SdwtctWZ1VwEb/wzkXRr2jkzTE:+swUzt/KSGfxDuGiI/HkQzTE

Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Unlock_Tool_1.9.exe

Resource

win10v2004-20240802-en

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

962abdb0b49579401d25d63a1f697be6

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  Unlock_Tool_1.9.exe
- Size
  
  569KB
- MD5
  
  f8cb4da82ec4542402924057ee21760a
- SHA1
  
  84df82df3e30c1c5d8b98e06d4b266525b7b5b73
- SHA256
  
  f3f89f0de3d1da4f12c1a0abd75dc4db85dcd395e1f1b32c4d9174aa6dbc0130
- SHA512
  
  a8eddd1e217371f47ba20efdcb025967fad3a626a568a4db940d38f93e939e762209241837f82ea34f0c0d27e4aeaf542d4fa7c8ab04718e4413c7183392b23f
- SSDEEP
  
  12288:1oaJhKfgnjXiT/qbO0Y6gdq56Geag0gmx5DZsco/A3YLcruK1MoSYIi:6a6fgbbLEdSapmxRZscXuKSoSJ
Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar962abdb0b49579401d25d63a1f697be6credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy