vidar | 1d4999768c08d43e6bb91df7d1e2d9903c23d06020b1f24dbe8d6b516a29b393 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-12-20...ch.exe

windows7-x64

2024-12-20...ch.exe

windows10-2004-x64

Sharing

General

Target

2024-12-20_7864deaa9953329b0a490dbab14fb98f_frostygoop_poet-rat_snatch
Size

19.8MB
Sample

241220-2glensvra1
MD5

7864deaa9953329b0a490dbab14fb98f
SHA1

2264b7e1bd13754089844b82a363a243e9b2219e
SHA256

1d4999768c08d43e6bb91df7d1e2d9903c23d06020b1f24dbe8d6b516a29b393
SHA512

8dbf600e86ff2e19c685e040b6120b227f8726c1f38a31e1100f4cb27b8b58b711379838a9f63436a3921e97567f8e393ac0993b14e874af74d9ea2f27ba625d
SSDEEP

49152:uALO5Ug0R4rbJv9iveDrquwzSN4lj3Gn2UQflFUUWxgRgPW2OVN3Pf4pJkKx6G6v:uAa5UPRI7ive/w8nZST/koD

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-20_7864deaa9953329b0a490dbab14fb98f_frostygoop_poet-rat_snatch.exe

Resource

win7-20240729-en

vidar discovery stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-20_7864deaa9953329b0a490dbab14fb98f_frostygoop_poet-rat_snatch.exe

Resource

win10v2004-20241007-en

vidar credential_access discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-12-20_7864deaa9953329b0a490dbab14fb98f_frostygoop_poet-rat_snatch
- Size
  
  19.8MB
- MD5
  
  7864deaa9953329b0a490dbab14fb98f
- SHA1
  
  2264b7e1bd13754089844b82a363a243e9b2219e
- SHA256
  
  1d4999768c08d43e6bb91df7d1e2d9903c23d06020b1f24dbe8d6b516a29b393
- SHA512
  
  8dbf600e86ff2e19c685e040b6120b227f8726c1f38a31e1100f4cb27b8b58b711379838a9f63436a3921e97567f8e393ac0993b14e874af74d9ea2f27ba625d
- SSDEEP
  
  49152:uALO5Ug0R4rbJv9iveDrquwzSN4lj3Gn2UQflFUUWxgRgPW2OVN3Pf4pJkKx6G6v:uAa5UPRI7ive/w8nZST/koD
Score

10^/10

vidar discovery stealer credential_access
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2024

Terms | Privacy