vidar | ab11ac55f732d41c1516c4c825634ea2889633eff79b0111c1d43c475f872321 | Triage

Submit
Reports

Overview

overview

Static

static

1

537067C176...20.exe

windows10-ltsc 2021-x64

Sharing

General

Target

537067C176C5E36AE81938A38045B520.zip
Size

507KB
Sample

250117-zptd5stkgm
MD5

d5be993b0b5209f409a6ed6a79a105b1
SHA1

4b9cb4cfa5b3593122b47fc12b5527b65ed6b147
SHA256

ab11ac55f732d41c1516c4c825634ea2889633eff79b0111c1d43c475f872321
SHA512

8da98a203291818da957e9eedde651a38e19c7bea9bf5a9341e3f8ba709a84034152c7f474e8fd10c4e992427dc55170a04649aa60a9eeb63250d64f12b9f33f
SSDEEP

12288:jMnpvOmBFtRI/7bl+OCU2Bng+ifIbnGC7PB2LhqT1/:jMp3zI/7JnCfng+rbnZPAoR

Score

10^/10

vidar 0b3bd69430b7d827b107ba2ed809207d credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

537067C176C5E36AE81938A38045B520.exe

Resource

win10ltsc2021-20250113-en

vidar 0b3bd69430b7d827b107ba2ed809207d credential_access discovery spyware stealer

windows10-ltsc 2021-x64

19 signatures

600 seconds

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

0b3bd69430b7d827b107ba2ed809207d

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  537067C176C5E36AE81938A38045B520
- Size
  
  617KB
- MD5
  
  537067c176c5e36ae81938a38045b520
- SHA1
  
  e0666c4acb6df096639dd73e1de2bc6c83f6bb92
- SHA256
  
  2bb01e5626c002242375d09553c52c5c009cb98525170cacca10c3cb72b779d0
- SHA512
  
  1b1a22bec953d1dd50e7317ee97b7df62fff5c1bf2509d8ba3a0ac0b454d30265d3be0959c052634a8895207e9f466efce1d713123dccbddc6b232df7bbd9ac7
- SSDEEP
  
  12288:xCh5qnPSABfUFgwm1EM9ThAtQ9s+yg5suVcU2bU7fFbJcslr7v:xCSnP9JU6jEAtPYgsEFGU7dtxr7v
Score

10^/10

vidar 0b3bd69430b7d827b107ba2ed809207d credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar0b3bd69430b7d827b107ba2ed809207dcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy