vidar | c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5b | Triage

Submit
Reports

Overview

overview

Static

static

3

c1825014c6...bN.exe

windows7-x64

c1825014c6...bN.exe

windows10-2004-x64

Sharing

General

Target

c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5bN
Size

571KB
Sample

241010-3ab34asbld
MD5

ecfbb8664ef39d16219e843ee8d94760
SHA1

82ffcbc7b33d04dfbe6b1120db0c904755568841
SHA256

c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5b
SHA512

caf7c498bceee20ac7aa5122a2a712fafc4e511a87048804e82508287ab96c5b1d6650d782251ef3b2a5ada7846a5e25930c3597a7957fdf6d3985f67ef11560
SSDEEP

12288:smQcpXoWDMaWqjILatlEruFdhwaSNylGm1kpjBs3E/U4S:soXoIjIprCjTbyj42

Score

10^/10

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5bN.exe

Resource

win7-20240903-en

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5bN.exe

Resource

win10v2004-20241007-en

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

vidar

Botnet

c0c7c802c4ec94ab4c7fcd88c588698c

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5bN
- Size
  
  571KB
- MD5
  
  ecfbb8664ef39d16219e843ee8d94760
- SHA1
  
  82ffcbc7b33d04dfbe6b1120db0c904755568841
- SHA256
  
  c1825014c69aa430f2c108e0ab1ed9e13225230e0ab52a435dd578991a901a5b
- SHA512
  
  caf7c498bceee20ac7aa5122a2a712fafc4e511a87048804e82508287ab96c5b1d6650d782251ef3b2a5ada7846a5e25930c3597a7957fdf6d3985f67ef11560
- SSDEEP
  
  12288:smQcpXoWDMaWqjILatlEruFdhwaSNylGm1kpjBs3E/U4S:soXoIjIprCjTbyj42
Score

10^/10

vidar c0c7c802c4ec94ab4c7fcd88c588698c credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarc0c7c802c4ec94ab4c7fcd88c588698ccredential_accessdiscoveryspywarestealer

behavioral2

vidarc0c7c802c4ec94ab4c7fcd88c588698ccredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy