vidar | a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84 | Triage

Submit
Reports

Overview

overview

Static

static

1

test.hta

windows7-x64

test.hta

windows10-2004-x64

Sharing

General

Target

test.hta
Size

1KB
Sample

250122-gm1fkaskhk
MD5

1dfba5185b0ae861c21126772ac49ea0
SHA1

37c29cdb305fbd84ad1a1ef374c879c050081d08
SHA256

a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84
SHA512

edfb52732ea84bee692123596c9016a075369ee378ac99e6f359c4eeddc541c39b929b482a6fb544c76469b007c661533b2fc12d27ac644decc29697b776e4e1

Score

10^/10

vidar discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

test.hta

Resource

win7-20240903-en

vidar discovery stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

test.hta

Resource

win10v2004-20241007-en

vidar discovery stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  test.hta
- Size
  
  1KB
- MD5
  
  1dfba5185b0ae861c21126772ac49ea0
- SHA1
  
  37c29cdb305fbd84ad1a1ef374c879c050081d08
- SHA256
  
  a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84
- SHA512
  
  edfb52732ea84bee692123596c9016a075369ee378ac99e6f359c4eeddc541c39b929b482a6fb544c76469b007c661533b2fc12d27ac644decc29697b776e4e1
Score

10^/10

vidar discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidardiscoverystealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.