vidar | 7e26322a3252a0a583435dd06fcc8827157876daf32796b117bac7045b86b149 | Triage

Submit
Reports

Overview

overview

Static

static

3

downloader.exe

windows7-x64

1

downloader.exe

windows10-2004-x64

Sharing

General

Target

downloader.exe
Size

30.1MB
Sample

250121-p6pr6svncr
MD5

44587b1e41b785cb2f8cd0d3dc282276
SHA1

222be625061bf4b830a7dd5fc2be5e581352ae85
SHA256

7e26322a3252a0a583435dd06fcc8827157876daf32796b117bac7045b86b149
SHA512

f5ea163edbcc9ce46c6e09a7043036a261393358f95223253913d7eb6b076567c6d497769b0649d6c52614f46a97dbf59429af804e5a0adcbbf253d4fad5a0cb
SSDEEP

393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgQ96l+ZArYsFRlc:R3on1HvSzxAMNQFZArYs0

Score

10^/10

vidar xworm discovery execution rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

downloader.exe

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

downloader.exe

Resource

win10v2004-20241007-en

vidar xworm discovery execution rat stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Extracted

Family

xworm

Version

3.1

C2

83.38.24.1:1603

Attributes

Install_directory
%Userprofile%
install_file
USB.exe

Targets

- Target
  
  downloader.exe
- Size
  
  30.1MB
- MD5
  
  44587b1e41b785cb2f8cd0d3dc282276
- SHA1
  
  222be625061bf4b830a7dd5fc2be5e581352ae85
- SHA256
  
  7e26322a3252a0a583435dd06fcc8827157876daf32796b117bac7045b86b149
- SHA512
  
  f5ea163edbcc9ce46c6e09a7043036a261393358f95223253913d7eb6b076567c6d497769b0649d6c52614f46a97dbf59429af804e5a0adcbbf253d4fad5a0cb
- SSDEEP
  
  393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgQ96l+ZArYsFRlc:R3on1HvSzxAMNQFZArYs0
Score

10^/10

vidar xworm discovery execution rat stealer trojan
- Detect Vidar Stealer
  stealer
- Detect Xworm Payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidarxwormdiscoveryexecutionratstealertrojan

© 2018-2025

Terms | Privacy