vidar | a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc | Triage

Submit
Reports

Overview

overview

Static

static

1

a73c4d134f...dc.exe

windows11-21h2-x64

Resubmissions

13-10-2024 18:36

241013-w8ztgs1fpd 10

13-10-2024 18:32

241013-w6nnfa1emf 10

Sharing

General

Target

a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc.exe
Size

404KB
Sample

241013-w8ztgs1fpd
MD5

3c9241d0ce97c159d6cfaa49f602fafd
SHA1

3a0320d338544496cb2ed6952d52e740c7f25d03
SHA256

a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc
SHA512

e7a86d0e92be6c741d53e505d712034f24cc9951fbb0015e6c46b97399eaa358c216de63930728fc1ca7edaaf3ceca3ed1dcab0e1c7bf0c384ba78d22615e9d4
SSDEEP

12288:Dpn81p29d9YRhTe4kashZFxfNvJKXZYDJEO:1Sp29d9YRhi4kasRxfNxfJt

Score

10^/10

vidar 514d77849a01ff8ab7dd99d5f0a2e19e credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc.exe

Resource

win11-20241007-en

vidar 514d77849a01ff8ab7dd99d5f0a2e19e credential_access discovery spyware stealer

windows11-21h2-x64

24 signatures

1800 seconds

Malware Config

Extracted

Family

vidar

Version

11

Botnet

514d77849a01ff8ab7dd99d5f0a2e19e

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc.exe
- Size
  
  404KB
- MD5
  
  3c9241d0ce97c159d6cfaa49f602fafd
- SHA1
  
  3a0320d338544496cb2ed6952d52e740c7f25d03
- SHA256
  
  a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc
- SHA512
  
  e7a86d0e92be6c741d53e505d712034f24cc9951fbb0015e6c46b97399eaa358c216de63930728fc1ca7edaaf3ceca3ed1dcab0e1c7bf0c384ba78d22615e9d4
- SSDEEP
  
  12288:Dpn81p29d9YRhTe4kashZFxfNvJKXZYDJEO:1Sp29d9YRhi4kasRxfNxfJt
Score

10^/10

vidar 514d77849a01ff8ab7dd99d5f0a2e19e credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar514d77849a01ff8ab7dd99d5f0a2e19ecredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy