vidar | 8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495

Resubmissions

06/01/2025, 12:00 UTC

250106-n6bpwawkdw 10

06/01/2025, 11:52 UTC

250106-n1zvhswjet 10

20/08/2024, 14:25 UTC

240820-rrk7js1blm 10

17/08/2024, 19:28 UTC

240817-x6wvgsvgpk 10

Sharing

Copy URL

Twitter E-mail

General

Target

8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
Size

181KB
MD5

8604da617d2310a788d55a8a17158926
SHA1

57be5e931ca21c501294dacd4744666adca8dc0a
SHA256

8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
SHA512

0d1738c8ac0afe0de609744c14ee0deaf7217afa2292df166791508bb4146b1e377b8bec729f74cc077fd78f7fb8bc651552bb74d7614cf1db7cbefd1dad438c
SSDEEP

3072:Pz2c0Rztm8NGdBXtfAzc1Gr/cMvOwUPfbldFw0t+Z0vhAVfDgZkCeJCsNIilreNO:PkseGXXtIg1GrtvOwUPfbldFw0t+Z0vT

Score

10^/10

stealer 877956da9963e0825aa43a159a358f24 vidar

Malware Config

Extracted

Family

vidar

Version

10.7

Botnet

877956da9963e0825aa43a159a358f24

https://steamcommunity.com/profiles/76561199751190313

https://t.me/pech0nk

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495

Files

8b3d1dd675e2e030d63ef5ecd9fa05da46a577d9f3723e7b358e20a4f6892495
.exe windows:5 windows x86 arch:x86

1568f0134067e7ec60ed875a42a44d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??_U@YAPAXI@Z
memcmp
memcpy
strchr
srand
rand
strncpy
malloc
_wtoi64
atexit
??_V@YAXPAX@Z
memchr
strcpy_s
__CxxFrameHandler3
strtok_s
memmove
strlen
memset

kernel32

MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
ExitProcess
GetCurrentProcess
VirtualProtect
lstrlenA
HeapAlloc
GetProcessHeap
lstrlenW
HeapFree
ReadProcessMemory
GetStringTypeW
OpenProcess
GetComputerNameA
FileTimeToSystemTime
CloseHandle
CreateProcessA
WaitForSingleObject
CreateThread
GetDriveTypeA
GetLogicalDriveStringsA
CreateDirectoryA
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrcatA
GetACP
GetCPInfo
VirtualQueryEx
SetLastError
InterlockedIncrement
LoadLibraryW
TlsSetValue
TlsGetValue
GetModuleFileNameW
InterlockedDecrement
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleW
Sleep
GetStdHandle
GetCurrentThreadId

user32

wsprintfW
GetDesktopWindow
CharToOemA

advapi32

GetUserNameA
RegOpenKeyExA
RegGetValueA
GetCurrentHwProfileA

shell32

SHFileOperationA

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

ord155

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

1568f0134067e7ec60ed875a42a44d34

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 9KB - Virtual size: 2.1MB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 17KB - Virtual size: 17KB

We care about your privacy.

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 9KB - Virtual size: 2.1MB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 17KB - Virtual size: 17KB