vidar | ab8eebd2e53caa2b7a5b54fbe1951c048ee4ce1ec1a80f2516b8ea9ef4d6927f | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

5.8MB
Sample

241206-czvnmawjds
MD5

bbe78d29491c853102a3facc26496d87
SHA1

f1f0134922b5bde2037526d9eabb9fdb490bebbf
SHA256

ab8eebd2e53caa2b7a5b54fbe1951c048ee4ce1ec1a80f2516b8ea9ef4d6927f
SHA512

95e586e7d966c140fca8990620a6de36ed9cf44727bcc0dfdbe30ff8ede278d9fe32ddbbbb66f61d06c1e57a6dbf45f9df625090248f535b944faba38a550930
SSDEEP

98304:KqQkJnu+p0Ow4mmrEzmPK0wSsS/YP+UAeEpRdMsPa8V8wirc/cQq8hwqk2y0wgjh:KGHp0OoiEyP+SszP+UA/dMIvV8wiEcRC

Score

10^/10

vidar discovery evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240903-en

vidar discovery evasion stealer themida trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20241007-en

vidar discovery evasion stealer themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  5.8MB
- MD5
  
  bbe78d29491c853102a3facc26496d87
- SHA1
  
  f1f0134922b5bde2037526d9eabb9fdb490bebbf
- SHA256
  
  ab8eebd2e53caa2b7a5b54fbe1951c048ee4ce1ec1a80f2516b8ea9ef4d6927f
- SHA512
  
  95e586e7d966c140fca8990620a6de36ed9cf44727bcc0dfdbe30ff8ede278d9fe32ddbbbb66f61d06c1e57a6dbf45f9df625090248f535b944faba38a550930
- SSDEEP
  
  98304:KqQkJnu+p0Ow4mmrEzmPK0wSsS/YP+UAeEpRdMsPa8V8wirc/cQq8hwqk2y0wgjh:KGHp0OoiEyP+SszP+UA/dMIvV8wiEcRC
Score

10^/10

vidar discovery evasion stealer themida trojan
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoveryevasionstealerthemidatrojan

behavioral2

vidardiscoveryevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy