vidar | 8567ec919ec83bc38b0a2571acdb62fffbe4f6d6e5384e4968df6d2087d0bf7f | Triage

Submit
Reports

Overview

overview

Static

static

1

NеwIns.rar

windows10-2004-x64

Sharing

General

Target

NеwIns.rar
Size

65.4MB
Sample

241102-m1rngasfpk
MD5

0cb086002283c129a5d7fb74e4dd8cce
SHA1

0f45f5b2001c92b72ce7ad1b374a213c64e6b2a5
SHA256

8567ec919ec83bc38b0a2571acdb62fffbe4f6d6e5384e4968df6d2087d0bf7f
SHA512

2a9e212e0b60881e20f5e54c7337837777defc2905ea977fe1a5f14cd07eab3cb83586612d427199e7ee8f522038d62ef57c2ac470501840e1d92083dc6fd01b
SSDEEP

1572864:zoe9+W67M7lM1Wv9wi1ned93iV6vDX4SDsEGsaXucGtjYxoZ:Ue92pMT1ed9yV6vDdDstFecgWoZ

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

NеwIns.rar

Resource

win10v2004-20241007-en

vidar credential_access discovery stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://5.75.212.182

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  NеwIns.rar
- Size
  
  65.4MB
- MD5
  
  0cb086002283c129a5d7fb74e4dd8cce
- SHA1
  
  0f45f5b2001c92b72ce7ad1b374a213c64e6b2a5
- SHA256
  
  8567ec919ec83bc38b0a2571acdb62fffbe4f6d6e5384e4968df6d2087d0bf7f
- SHA512
  
  2a9e212e0b60881e20f5e54c7337837777defc2905ea977fe1a5f14cd07eab3cb83586612d427199e7ee8f522038d62ef57c2ac470501840e1d92083dc6fd01b
- SSDEEP
  
  1572864:zoe9+W67M7lM1Wv9wi1ned93iV6vDX4SDsEGsaXucGtjYxoZ:Ue92pMT1ed9yV6vDdDstFecgWoZ
Score

10^/10

vidar credential_access discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy