vidar | 29f23613b6bbcf4014af898be8a29e0807bff07a81f35e179729ee7768daa76d | Triage

Submit
Reports

Overview

overview

Static

static

3

Unlock_Tool_2.1.exe

windows11-21h2-x64

Sharing

General

Target

Unlock_Tool_2.1.exe
Size

569KB
Sample

241008-jk8ehazcpg
MD5

5c2a77e122c1a5300fa6b7b6ea2bbe97
SHA1

3992a943741f08202e725068e1f1144253161587
SHA256

29f23613b6bbcf4014af898be8a29e0807bff07a81f35e179729ee7768daa76d
SHA512

92a151faf0b86b50e437afc4ed103334f10375824eaa9f0e79857691939aa4a9a4db3052f8d59154c9395265c24b9dc4571a7a89983115cd409a0bf800b47754
SSDEEP

12288:ak4txPw9zshLzoO3oLXa17ChTAPdrZwdd5ZFwT4S:a/PwKD17T1wl

Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Unlock_Tool_2.1.exe

Resource

win11-20241007-en

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

962abdb0b49579401d25d63a1f697be6

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  Unlock_Tool_2.1.exe
- Size
  
  569KB
- MD5
  
  5c2a77e122c1a5300fa6b7b6ea2bbe97
- SHA1
  
  3992a943741f08202e725068e1f1144253161587
- SHA256
  
  29f23613b6bbcf4014af898be8a29e0807bff07a81f35e179729ee7768daa76d
- SHA512
  
  92a151faf0b86b50e437afc4ed103334f10375824eaa9f0e79857691939aa4a9a4db3052f8d59154c9395265c24b9dc4571a7a89983115cd409a0bf800b47754
- SSDEEP
  
  12288:ak4txPw9zshLzoO3oLXa17ChTAPdrZwdd5ZFwT4S:a/PwKD17T1wl
Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar962abdb0b49579401d25d63a1f697be6credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy