vidar | 78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82 | Triage

Submit
Reports

Overview

overview

Static

static

3

78883f74e5...82.exe

windows7-x64

78883f74e5...82.exe

windows10-2004-x64

Sharing

General

Target

78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82.exe
Size

6.2MB
Sample

241027-v6j5ks1cpm
MD5

e4c9c86aca77c94baa1c956539fb0670
SHA1

e7334b384cdb948961893cb8767a8b6f4dcf0c1d
SHA256

78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82
SHA512

6b7ef779f42867960f4c486c43ee464b90a0f5fef2bcfed6dbaa28d68da0be77c49496889ec28d007c666452aad0a6ba25aef28d99aaa0292d2b5326f995eec5
SSDEEP

196608:Go7RLyPaLtaoJai5RgtqHx7JYk12vp7aqUV:T71DEo35RgtqHRk7GV

Score

10^/10

vidar be248f550d2c12b9451f666b78745d64 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82.exe

Resource

win7-20241023-en

vidar be248f550d2c12b9451f666b78745d64 credential_access discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82.exe

Resource

win10v2004-20241007-en

vidar be248f550d2c12b9451f666b78745d64 credential_access discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.8

Botnet

be248f550d2c12b9451f666b78745d64

C2

https://steamcommunity.com/profiles/76561199761128941

https://t.me/iyigunl

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Targets

- Target
  
  78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82.exe
- Size
  
  6.2MB
- MD5
  
  e4c9c86aca77c94baa1c956539fb0670
- SHA1
  
  e7334b384cdb948961893cb8767a8b6f4dcf0c1d
- SHA256
  
  78883f74e5500ebef095527139d59efe999ce3235b2f49bad95016ca1eb6ba82
- SHA512
  
  6b7ef779f42867960f4c486c43ee464b90a0f5fef2bcfed6dbaa28d68da0be77c49496889ec28d007c666452aad0a6ba25aef28d99aaa0292d2b5326f995eec5
- SSDEEP
  
  196608:Go7RLyPaLtaoJai5RgtqHx7JYk12vp7aqUV:T71DEo35RgtqHRk7GV
Score

10^/10

vidar be248f550d2c12b9451f666b78745d64 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarbe248f550d2c12b9451f666b78745d64credential_accessdiscoveryspywarestealer

behavioral2

vidarbe248f550d2c12b9451f666b78745d64credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy