vidar | c6638f4e793b808e87b9b4a8c546a28c3bdd7f5b5eae2b33dcae7402a69f63f4

Analysis

max time kernel
93s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2025 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VacBypassInjector.exe
Size

119KB
MD5

4c347d917a8377f19cb89a3aa94a94d9
SHA1

be2b5cd59c09ecf8a779197ca88ebb6722427159
SHA256

c6638f4e793b808e87b9b4a8c546a28c3bdd7f5b5eae2b33dcae7402a69f63f4
SHA512

4f0911229d1523630a07b46d1fb4249b48d3284f04f541668fb4f0d7762567f90304202a6785688712da70d28ea4554e7a229b1a0a9d4b20192a6f766b8ec15d
SSDEEP

3072:8Ho0VvS7fw67XojiwHjwlntccGGLz9VkYFP+WR9pLhb7nhSe2e2e2nw:41VvSM6ziiw0cMLzDj9V/ne

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Signatures

Detect Vidar Stealer 2 IoCs

stealer

resource	yara_rule
behavioral2/memory/2540-0-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral2/memory/2540-7-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VacBypassInjector.exe

C:\Users\Admin\AppData\Local\Temp\VacBypassInjector.exe
"C:\Users\Admin\AppData\Local\Temp\VacBypassInjector.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2540-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2540-7-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download