vidar | f95b42089a9feafae415e6dc848ae0916252c92f02915f26864ea10d6ab6030f | Triage

Submit
Reports

Overview

overview

Static

static

1

Informatio...al.scr

windows7-x64

Informatio...al.scr

windows10-2004-x64

Sharing

General

Target

f95b42089a9feafae415e6dc848ae0916252c92f02915f26864ea10d6ab6030f.zip
Size

3.0MB
Sample

241104-snr2cs1mez
MD5

f3f9eb8c2050414cbec862125fa4e0d7
SHA1

d71945d599b73b7a89295817d89c80141883973f
SHA256

f95b42089a9feafae415e6dc848ae0916252c92f02915f26864ea10d6ab6030f
SHA512

e96e355bbca15ea5f74c62d35a668690a1fb18c5ccc69f7b5de933c9a7fecfbaa9aa2b0677d881844c19f72bc66a5d071573562c487bea08364a74ac425af935
SSDEEP

49152:ALSEJH/T8j2EpWh3tA7fqUOZZFJuIpEZaU2qqLtvyCEP:yJH78j2rqmUOZZ3uIpMaULC9e

Score

10^/10

vidar ec6d0fe132303eea00070f2f87282a2d credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Information for personal.scr

Resource

win7-20241010-en

vidar ec6d0fe132303eea00070f2f87282a2d credential_access discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Information for personal.scr

Resource

win10v2004-20241007-en

vidar ec6d0fe132303eea00070f2f87282a2d credential_access discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

6.6

Botnet

ec6d0fe132303eea00070f2f87282a2d

C2

https://t.me/bowbrain

https://steamcommunity.com/profiles/76561199572358993

Attributes

profile_id_v2
ec6d0fe132303eea00070f2f87282a2d
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.48 uacq

Targets

- Target
  
  Information for personal.scr
- Size
  
  637.4MB
- MD5
  
  09c4080e5ce3d0a7df482dbef36d5092
- SHA1
  
  8835b4032559719e0c5cc304131f26adcbb5bc46
- SHA256
  
  12a91b2e82c707d31d51479f96465fa74dc599c457a1ed07cd747cf5bf164d9f
- SHA512
  
  d3284853ad3cb260cddbe78e93cb014b023a34342c33734ead05e359fd908b7108783d119e0d474917d7413db5ddc1f54a3c8ad39bd05be8f3428e22d1cab898
- SSDEEP
  
  49152:7jVgiG8hT8cm8U2zkpdt0n/s0YRZHPm4poP2UkCsPt/u:7jimF84UJoE0YRZvm4pk2U/Ahu
Score

10^/10

vidar ec6d0fe132303eea00070f2f87282a2d credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarec6d0fe132303eea00070f2f87282a2dcredential_accessdiscoveryspywarestealer

behavioral2

vidarec6d0fe132303eea00070f2f87282a2dcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy