vidar | 93b81fca5f62c8511d4901efea8b7c17db8d3cb46c26727c0713c74608af749c | Triage

Resubmissions

08-02-2025 15:16

250208-snpk8stmaj 10

08-02-2025 12:25

250208-plr2ssvjf1 3

Sharing

General

Target

S0FTWARE.exe
Size

16KB
Sample

250208-snpk8stmaj
MD5

aab1f7428582ab8fd7e1875b1c76f5d5
SHA1

052afd80cfa9061b462eac018b51ae9d1a4a9cd0
SHA256

93b81fca5f62c8511d4901efea8b7c17db8d3cb46c26727c0713c74608af749c
SHA512

d3d4a51b5358390af5f84b58de0310bc942ae8aa01b3ec262aec5be3c6f0940b6900c56ba1589c252b7825e74ef67b6bcc80f2c927f32fa75316f73c46cdf5c2
SSDEEP

384:lAbhV0ZFn9jbHzBbIXWy0ZEdcTn/dqLkLZc:eroFbZvdqLIO

Score

10^/10

vidar discovery execution stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  S0FTWARE.exe
- Size
  
  16KB
- MD5
  
  aab1f7428582ab8fd7e1875b1c76f5d5
- SHA1
  
  052afd80cfa9061b462eac018b51ae9d1a4a9cd0
- SHA256
  
  93b81fca5f62c8511d4901efea8b7c17db8d3cb46c26727c0713c74608af749c
- SHA512
  
  d3d4a51b5358390af5f84b58de0310bc942ae8aa01b3ec262aec5be3c6f0940b6900c56ba1589c252b7825e74ef67b6bcc80f2c927f32fa75316f73c46cdf5c2
- SSDEEP
  
  384:lAbhV0ZFn9jbHzBbIXWy0ZEdcTn/dqLkLZc:eroFbZvdqLIO
Score

10^/10

vidar discovery execution stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoveryexecutionstealer