vidar | a7a034b974a5b7b667be84e9c4fcefea839f6549d2e4fcc9409571ac4e69bee6 | Triage

Submit
Reports

Overview

overview

Static

static

3

235be22a82...fb.exe

windows7-x64

235be22a82...fb.exe

windows10-2004-x64

Sharing

General

Target

samples.zip
Size

1.2MB
Sample

250109-tdsetatnaw
MD5

15dbcae142bccf04df5d45247c8f8fd3
SHA1

888d5c96e87675331b113542c4e5218ae2319879
SHA256

a7a034b974a5b7b667be84e9c4fcefea839f6549d2e4fcc9409571ac4e69bee6
SHA512

6cb2626f47672b742e5448cae590f506909a8c4fa68d4a2475f3128d15c64a95ced8380b51b903869b5946e75445d3cb186e85c2737964d7ebda2905d3433c16
SSDEEP

24576:viE4FqAXnVmssiBifT4c4lYOt8ZspXGlEGA0om+KE+oKkhXSMSzvw:vpBAXPj+T4JYO8PJPJySMSzY

Score

10^/10

vidar 91ee094dd9ffff7505d0f982e8e1ca3f credential_access discovery persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

235be22a82cb8890d91c8cd29992fd044a3c802cc0bc55ee293e14ae54700cfb.exe

Resource

win7-20240903-en

vidar 91ee094dd9ffff7505d0f982e8e1ca3f credential_access discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

235be22a82cb8890d91c8cd29992fd044a3c802cc0bc55ee293e14ae54700cfb.exe

Resource

win10v2004-20241007-en

vidar 91ee094dd9ffff7505d0f982e8e1ca3f credential_access discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

91ee094dd9ffff7505d0f982e8e1ca3f

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Targets

- Target
  
  235be22a82cb8890d91c8cd29992fd044a3c802cc0bc55ee293e14ae54700cfb
- Size
  
  2.6MB
- MD5
  
  d7562595687f6b52a4e90b35f2280b04
- SHA1
  
  94a0bd3516d85169faa13ca86cd12ff5f65b4532
- SHA256
  
  235be22a82cb8890d91c8cd29992fd044a3c802cc0bc55ee293e14ae54700cfb
- SHA512
  
  f45db5023061b06797400c1d6815a4b34d3f260942737365781015dc31b34115449ad5832b30010f5fbb2590206757939c748ccbf589efaab0b016c2a8059c2e
- SSDEEP
  
  49152:IKQXc2DfKCPpOSGoA2W5lu7hPHzLNLPnARaLrctI4g+xSfD913Ax3UjgJgI+WpnS:f7gfDA2zxzLNLPARayEj
Score

10^/10

vidar 91ee094dd9ffff7505d0f982e8e1ca3f credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar91ee094dd9ffff7505d0f982e8e1ca3fcredential_accessdiscoverypersistencespywarestealer

behavioral2

vidar91ee094dd9ffff7505d0f982e8e1ca3fcredential_accessdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy