vidar | 4c8b1c9ed7ba0d921b0971a3e5de96bfdb3b18024e8880c7aaa2759f13c01316 | Triage

Submit
Reports

Overview

overview

Static

static

1

oracleSuper.exe

windows7-x64

oracleSuper.exe

windows10-2004-x64

Sharing

General

Target

oracleSuper.exe
Size

6.3MB
Sample

250128-q8849stmcj
MD5

cd7754cff6dfeea0b5d8bb51abe32d7d
SHA1

dc88b17814ef892d1410b261b52e96684a7dd1b2
SHA256

4c8b1c9ed7ba0d921b0971a3e5de96bfdb3b18024e8880c7aaa2759f13c01316
SHA512

c0e9e8750b1a607ccd76033c2be7eee4447b199412206903c0012d3175357c27826ddb659c30382690428676978fe97d0bb9c19bc4df4fb53994937ef7adc659
SSDEEP

98304:Iqcn1rB4qecWyIFft+EGSB5Fgd41YQ6sFZ/Pee1R1+jIxnSLIJ7RC+aLW:IrBawEGmHQxq/2edcCSLGRCU

Score

10^/10

vidar 3ab0abf23bc38232529d79e3b78a588b credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

oracleSuper.exe

Resource

win7-20240903-en

vidar 3ab0abf23bc38232529d79e3b78a588b discovery stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

oracleSuper.exe

Resource

win10v2004-20241007-en

vidar 3ab0abf23bc38232529d79e3b78a588b credential_access discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.4

Botnet

3ab0abf23bc38232529d79e3b78a588b

C2

https://steamcommunity.com/profiles/76561199735694209

https://t.me/puffclou

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1

Targets

- Target
  
  oracleSuper.exe
- Size
  
  6.3MB
- MD5
  
  cd7754cff6dfeea0b5d8bb51abe32d7d
- SHA1
  
  dc88b17814ef892d1410b261b52e96684a7dd1b2
- SHA256
  
  4c8b1c9ed7ba0d921b0971a3e5de96bfdb3b18024e8880c7aaa2759f13c01316
- SHA512
  
  c0e9e8750b1a607ccd76033c2be7eee4447b199412206903c0012d3175357c27826ddb659c30382690428676978fe97d0bb9c19bc4df4fb53994937ef7adc659
- SSDEEP
  
  98304:Iqcn1rB4qecWyIFft+EGSB5Fgd41YQ6sFZ/Pee1R1+jIxnSLIJ7RC+aLW:IrBawEGmHQxq/2edcCSLGRCU
Score

10^/10

vidar 3ab0abf23bc38232529d79e3b78a588b discovery stealer credential_access
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar3ab0abf23bc38232529d79e3b78a588bdiscoverystealer

behavioral2

vidar3ab0abf23bc38232529d79e3b78a588bcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy