vidar | 60c7b93fd71057e6beef15759f04ac62d60b5f28189d3ffcf1f73584c6b15759 | Triage

Submit
Reports

Overview

overview

Static

static

1

Unlock_App_v1.4.rar

windows7-x64

Unlock_App_v1.4.rar

windows10-2004-x64

1

Sharing

General

Target

Unlock_App_v1.4.zip
Size

48.5MB
Sample

241223-damr6avkey
MD5

7697bf9f950a97f6828790e257c61bd7
SHA1

a01d810fa932995e1e4211009c4a39d5c12f2d30
SHA256

60c7b93fd71057e6beef15759f04ac62d60b5f28189d3ffcf1f73584c6b15759
SHA512

0d9c4a59041f9b26ae9aff5f2cf6a1ad2e457179000defb26ae22f7ebb1946e7398d00412b3eaec7c85a89e71da1008ae69603d7d4f069cbf5b6ec0c65e20baf
SSDEEP

1572864:4u22WKNf3rxDyljOP3UqMfBIL482bTnkZpRu/3:4u5W2dMjmxABIqkVu/3

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Unlock_App_v1.4.rar

Resource

win7-20241010-en

vidar credential_access discovery spyware stealer

windows7-x64

19 signatures

900 seconds

Behavioral task

behavioral2

Sample

Unlock_App_v1.4.rar

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

900 seconds

Malware Config

Targets

- Target
  
  Unlock_App_v1.4.rar
- Size
  
  48.5MB
- MD5
  
  dfe1a6d784fd857917e598d6f2ef47b5
- SHA1
  
  57f6b05b78bbac9ecc66970cbed2da2a28add46c
- SHA256
  
  70ef4ae08f85a6a8aedf229c4ebe5e12cf3cc82d955c2731747d619926afa885
- SHA512
  
  20d226d38d9d1f445015c06f0202e5382a8262e167a0004e060f8e25ecf5f46b1ce089a19676508e02d514b4dd5821cb173a7b20dd563c458145aae7cc7c671c
- SSDEEP
  
  1572864:gu22WKNf3rxDyljOP3UqMfBIL482bTnkZpRu/L:gu5W2dMjmxABIqkVu/L
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

© 2018-2025

Terms | Privacy