vidar | 6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8 | Triage

Submit
Reports

Overview

overview

Static

static

6fec179c36...e8.exe

windows7-x64

6fec179c36...e8.exe

windows10-2004-x64

Sharing

General

Target

6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8.exe
Size

144KB
Sample

241221-c6dzfs1lck
MD5

cc36e2a5a3c64941a79c31ca320e9797
SHA1

50c8f5db809cfec84735c9f4dcd6b55d53dfd9f5
SHA256

6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8
SHA512

fcea6d62dc047e40182dc4ff1e0522ca935f9aeefdb1517957977bc5d9ac654285a973261401f3b98abf1f6ed62638b9e31306fd7aaeb67214ca42dfc2888af0
SSDEEP

3072:lOBRrLUOPed9xOi756fJnhsRSK2C22/m4ESZo3XRYzXIkQfyXzdEpx:A/rLVPW0nsP2Xy+TJfWzW7

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8.exe

Resource

win7-20240903-en

vidar credential_access discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8.exe

Resource

win10v2004-20241007-en

vidar credential_access discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8.exe
- Size
  
  144KB
- MD5
  
  cc36e2a5a3c64941a79c31ca320e9797
- SHA1
  
  50c8f5db809cfec84735c9f4dcd6b55d53dfd9f5
- SHA256
  
  6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8
- SHA512
  
  fcea6d62dc047e40182dc4ff1e0522ca935f9aeefdb1517957977bc5d9ac654285a973261401f3b98abf1f6ed62638b9e31306fd7aaeb67214ca42dfc2888af0
- SSDEEP
  
  3072:lOBRrLUOPed9xOi756fJnhsRSK2C22/m4ESZo3XRYzXIkQfyXzdEpx:A/rLVPW0nsP2Xy+TJfWzW7
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy