vidar | 74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58 | Triage

Submit
Reports

Overview

overview

Static

static

1

74b05fbc38...8N.exe

windows7-x64

74b05fbc38...8N.exe

windows10-2004-x64

Sharing

General

Target

74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58N
Size

598KB
Sample

241011-wzweps1emq
MD5

b48be27582c0ac8db3785a2e389498d0
SHA1

1494c48a07ab799b0cf2ed9c5105771be1d1581a
SHA256

74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58
SHA512

be7839ec69a2ebb5efb91123945ca8258a795271b98b09573e1e933352ffa86fb722909a0c920ac75b64755601075193772115bdff0088930b617b2c3459dda5
SSDEEP

12288:E8yf0yrFNqimGLIJT2E3WY5q2EQ8ZB90h3w4Ll64fPsETEO:E8EfrFmTJT2wx5q2EIhg4odmt

Score

10^/10

vidar 5d5c21db908d8fe19952873f9f748174 credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58N.exe

Resource

win7-20240903-en

vidar 5d5c21db908d8fe19952873f9f748174 credential_access discovery spyware stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58N.exe

Resource

win10v2004-20241007-en

vidar 5d5c21db908d8fe19952873f9f748174 credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

vidar

Botnet

5d5c21db908d8fe19952873f9f748174

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58N
- Size
  
  598KB
- MD5
  
  b48be27582c0ac8db3785a2e389498d0
- SHA1
  
  1494c48a07ab799b0cf2ed9c5105771be1d1581a
- SHA256
  
  74b05fbc385685bb0f7e5d8420042aa661151be9e93c08383ef933f522ee8e58
- SHA512
  
  be7839ec69a2ebb5efb91123945ca8258a795271b98b09573e1e933352ffa86fb722909a0c920ac75b64755601075193772115bdff0088930b617b2c3459dda5
- SSDEEP
  
  12288:E8yf0yrFNqimGLIJT2E3WY5q2EQ8ZB90h3w4Ll64fPsETEO:E8EfrFmTJT2wx5q2EIhg4odmt
Score

10^/10

vidar 5d5c21db908d8fe19952873f9f748174 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar5d5c21db908d8fe19952873f9f748174credential_accessdiscoveryspywarestealer

behavioral2

vidar5d5c21db908d8fe19952873f9f748174credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy