vidar | e5b250b8d4473f7bee881f36ac397a4d948f4cec6c9af04e83fe3c10199c9606 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setuper_25.01.exe

windows10-ltsc 2021-x64

Sharing

General

Target

prem_V2.5.0.1Lt.zip
Size

28.9MB
Sample

250127-tzkbbsxqhk
MD5

88e4397b2b2e5e4c97906e5397fb799b
SHA1

a1f62b6b7b7b8b0c4621945ff804caef7557ed76
SHA256

e5b250b8d4473f7bee881f36ac397a4d948f4cec6c9af04e83fe3c10199c9606
SHA512

55aac8d03c6a9c6e03410c0d6e740cee98850f6f0b5456f8a7bf62d2de428b14d3cdbdf98945ad84527a6cf4d56f1a85d6390f102c01576ff9aff20b70a0a6fd
SSDEEP

786432:Dg0ngqZwVaN/40ePihokL1cNIyG3VXn87dIx0EZ/Dpgvv50AZ:DgE3Gug0+PkL1EIyUhUdIxv/Dp46AZ

Score

10^/10

vidar discovery execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setuper_25.01.exe

Resource

win10ltsc2021-20250113-en

vidar discovery execution stealer

windows10-ltsc 2021-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  Setuper_25.01.exe
- Size
  
  67.7MB
- MD5
  
  626f51544f775502a39adc747c31032c
- SHA1
  
  b4b66766714ab53be82143ab81424b98a8cbac64
- SHA256
  
  35d601f9d756bcc17a3b1311306eac3bf859c891feca5a218fdf220dcdc643ff
- SHA512
  
  6871ee61a12d692bd535125cdb101f1b8265e7707083070e29c189c69cdccc238c8659deb3995e4245bd1000bf9995caa783443102ffd7bc2754d8c70f5313e0
- SSDEEP
  
  393216:87eLd/nhouIETpkFh8KbodSLFBJbHRlLieEY9qIjAgOWT2ZR0HYaqz1T67bGjeBm:LLd/WbbMWlLi6TjD4FeBgriZApI/Bi
Score

10^/10

vidar discovery execution stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoveryexecutionstealer

© 2018-2025

Terms | Privacy