vidar | 986a98dc33a925fa232e1e5311807c7681cad9e0f07957d81e4f2f8257503f9c | Triage

Submit
Reports

Overview

overview

Static

static

build.exe

windows7-x64

build.exe

windows10-ltsc 2021-x64

build.exe

windows11-21h2-x64

Sharing

General

Target

build.exe
Size

119KB
Sample

250208-twza3swncj
MD5

08388bb4894c71e7b1be4bad966c3824
SHA1

7437ac98f08fc41283b900aa6fb0ae350d59dd6c
SHA256

986a98dc33a925fa232e1e5311807c7681cad9e0f07957d81e4f2f8257503f9c
SHA512

2adf5154e7dca7de1fcf12560c97f1b74e66fb3c5074d8fa9d29dd9da91a1314f9fc18270808c12364c4941a6a2346109824bd4c625df905f9be84af393934b3
SSDEEP

3072:8Ho0VvS7fw67XojiwHjwlntccGGLz9VkYFP+WR9pLhbFnhSe2e2e2nw:41VvSM6ziiw0cMLzDj9VBne

Score

10^/10

vidar adware discovery persistence privilege_escalation stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

build.exe

Resource

win7-20241010-en

vidar discovery stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

build.exe

Resource

win10ltsc2021-20250207-en

vidar adware discovery persistence privilege_escalation stealer

windows10-ltsc 2021-x64

23 signatures

150 seconds

Behavioral task

behavioral3

Sample

build.exe

Resource

win11-20250207-en

vidar adware discovery persistence privilege_escalation stealer

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  build.exe
- Size
  
  119KB
- MD5
  
  08388bb4894c71e7b1be4bad966c3824
- SHA1
  
  7437ac98f08fc41283b900aa6fb0ae350d59dd6c
- SHA256
  
  986a98dc33a925fa232e1e5311807c7681cad9e0f07957d81e4f2f8257503f9c
- SHA512
  
  2adf5154e7dca7de1fcf12560c97f1b74e66fb3c5074d8fa9d29dd9da91a1314f9fc18270808c12364c4941a6a2346109824bd4c625df905f9be84af393934b3
- SSDEEP
  
  3072:8Ho0VvS7fw67XojiwHjwlntccGGLz9VkYFP+WR9pLhbFnhSe2e2e2nw:41VvSM6ziiw0cMLzDj9VBne
Score

10^/10

vidar discovery stealer adware persistence privilege_escalation
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidaradwarediscoverypersistenceprivilege_escalationstealer

behavioral3

vidaradwarediscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy