vidar | 03f111a7553d3e698a07aea301f9be5d29bcde70513a1323283db3e2e4045d95 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-08...ch.exe

windows7-x64

2025-02-08...ch.exe

windows10-2004-x64

Sharing

General

Target

2025-02-08_d41aed28538e53598c5ee0b61a7474fb_frostygoop_poet-rat_snatch
Size

6.4MB
Sample

250208-rpddxszlew
MD5

d41aed28538e53598c5ee0b61a7474fb
SHA1

29a1d2fda339625e15739e193fffafe3a636f8b9
SHA256

03f111a7553d3e698a07aea301f9be5d29bcde70513a1323283db3e2e4045d95
SHA512

3eec7324c3c4091d5809b4dfcdece50172619a85c3e5405c7bd76701f69c38b8e80c1ae5a93cfc8fd3834c268776dca95ace24eabe8409eec061114fa79d12e3
SSDEEP

49152:bDZuiC6tkhmcPaGJDVoAVlK+Cw3PKiRasKSjKOTmxECtWBR3xKIygAvKY7orrTKI:bNuinaYcPLZWA1PKE0f6K9v0KVio+

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-08_d41aed28538e53598c5ee0b61a7474fb_frostygoop_poet-rat_snatch.exe

Resource

win7-20241010-en

vidar credential_access discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-08_d41aed28538e53598c5ee0b61a7474fb_frostygoop_poet-rat_snatch.exe

Resource

win10v2004-20250207-en

vidar credential_access discovery stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  2025-02-08_d41aed28538e53598c5ee0b61a7474fb_frostygoop_poet-rat_snatch
- Size
  
  6.4MB
- MD5
  
  d41aed28538e53598c5ee0b61a7474fb
- SHA1
  
  29a1d2fda339625e15739e193fffafe3a636f8b9
- SHA256
  
  03f111a7553d3e698a07aea301f9be5d29bcde70513a1323283db3e2e4045d95
- SHA512
  
  3eec7324c3c4091d5809b4dfcdece50172619a85c3e5405c7bd76701f69c38b8e80c1ae5a93cfc8fd3834c268776dca95ace24eabe8409eec061114fa79d12e3
- SSDEEP
  
  49152:bDZuiC6tkhmcPaGJDVoAVlK+Cw3PKiRasKSjKOTmxECtWBR3xKIygAvKY7orrTKI:bNuinaYcPLZWA1PKE0f6K9v0KVio+
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy