vidar | 1747353879ce145a264c7e45a54f5a3a80c969185d63ba2a335de49a9c3cd5e1 | Triage

Submit
Reports

Overview

overview

Static

static

99d5a6017c...55.exe

windows7-x64

99d5a6017c...55.exe

windows10-2004-x64

Sharing

General

Target

99d5a6017c22db0916659802a541b155.exe
Size

943KB
Sample

250119-h4xxfazjfx
MD5

99d5a6017c22db0916659802a541b155
SHA1

fcdc010c60bda6f5a11e3b7cb4311de1bda58ac9
SHA256

1747353879ce145a264c7e45a54f5a3a80c969185d63ba2a335de49a9c3cd5e1
SHA512

5e3a1745edf1922cad244f93ab505c650a303b5a72588bb894f76e2b545374bc1943a733b59f92bfdafdb85cd2bf0b0e8d979f04cb8a7b8f65050cfe721d72a8
SSDEEP

24576:zey05nEQXObrQEwMGNL/geFyNcTN+jv75TQn652VBuNyb6:6LZ+bUELGJtF4ch+jvNm0Nyb6

Score

10^/10

vidar 12d6c83ea3cfc666e31df67358e93313 credential_access discovery spyware stealer

Static task

static1

stealer 12d6c83ea3cfc666e31df67358e93313 vidar

3 signatures

Behavioral task

behavioral1

Sample

99d5a6017c22db0916659802a541b155.exe

Resource

win7-20240903-en

vidar 12d6c83ea3cfc666e31df67358e93313 credential_access discovery spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

99d5a6017c22db0916659802a541b155.exe

Resource

win10v2004-20241007-en

vidar 12d6c83ea3cfc666e31df67358e93313 credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11.4

Botnet

12d6c83ea3cfc666e31df67358e93313

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  99d5a6017c22db0916659802a541b155.exe
- Size
  
  943KB
- MD5
  
  99d5a6017c22db0916659802a541b155
- SHA1
  
  fcdc010c60bda6f5a11e3b7cb4311de1bda58ac9
- SHA256
  
  1747353879ce145a264c7e45a54f5a3a80c969185d63ba2a335de49a9c3cd5e1
- SHA512
  
  5e3a1745edf1922cad244f93ab505c650a303b5a72588bb894f76e2b545374bc1943a733b59f92bfdafdb85cd2bf0b0e8d979f04cb8a7b8f65050cfe721d72a8
- SSDEEP
  
  24576:zey05nEQXObrQEwMGNL/geFyNcTN+jv75TQn652VBuNyb6:6LZ+bUELGJtF4ch+jvNm0Nyb6
Score

10^/10

vidar 12d6c83ea3cfc666e31df67358e93313 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

stealer12d6c83ea3cfc666e31df67358e93313vidar

behavioral1

vidar12d6c83ea3cfc666e31df67358e93313credential_accessdiscoveryspywarestealer

behavioral2

vidar12d6c83ea3cfc666e31df67358e93313credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy