vidar | 669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c | Triage

Submit
Reports

Overview

overview

Static

static

3

669520f903...cN.exe

windows7-x64

669520f903...cN.exe

windows10-2004-x64

Sharing

General

Target

669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0cN
Size

571KB
Sample

241011-av1b7szhjk
MD5

67bde3658a9ffcf47a6103eb6df9c660
SHA1

f527e481e7644a0d4b31af37d34226ccd8621ce8
SHA256

669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c
SHA512

5ec51c39d9f652d3c2e719ed0b4f8ccb39c05b197b9a4fb7bb772743ea7fcffca5ac6ca4966341e012eeddfe12a3104743dbe5849c1c7cdd73001129648177da
SSDEEP

12288:sGWivJ6LrcfSvaiNxA6fl95WCtobUz0Gcj/a4Sl:smJ6RvaMN++0GcL7O

Score

10^/10

vidar 04a7a73c13ab56b51bd29415d6338a92 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0cN.exe

Resource

win7-20240903-en

vidar 04a7a73c13ab56b51bd29415d6338a92 credential_access discovery spyware stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0cN.exe

Resource

win10v2004-20241007-en

vidar 04a7a73c13ab56b51bd29415d6338a92 credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

04a7a73c13ab56b51bd29415d6338a92

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0cN
- Size
  
  571KB
- MD5
  
  67bde3658a9ffcf47a6103eb6df9c660
- SHA1
  
  f527e481e7644a0d4b31af37d34226ccd8621ce8
- SHA256
  
  669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c
- SHA512
  
  5ec51c39d9f652d3c2e719ed0b4f8ccb39c05b197b9a4fb7bb772743ea7fcffca5ac6ca4966341e012eeddfe12a3104743dbe5849c1c7cdd73001129648177da
- SSDEEP
  
  12288:sGWivJ6LrcfSvaiNxA6fl95WCtobUz0Gcj/a4Sl:smJ6RvaMN++0GcL7O
Score

10^/10

vidar 04a7a73c13ab56b51bd29415d6338a92 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar04a7a73c13ab56b51bd29415d6338a92credential_accessdiscoveryspywarestealer

behavioral2

vidar04a7a73c13ab56b51bd29415d6338a92credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy