vidar | c5ff8c9ec98f44163a3da8555205f97ab01392216e371fe3e9f81f142f387bb3 | Triage

Submit
Reports

Overview

overview

Static

static

3

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

78.9MB
Sample

250211-g211msypev
MD5

2879c2ed17dfcdcf548cc71de5ef374b
SHA1

5697a85f1f38149723a157697523f36932fa880c
SHA256

c5ff8c9ec98f44163a3da8555205f97ab01392216e371fe3e9f81f142f387bb3
SHA512

0cd7bb8b86470a2dc21d23ffb69a14dcd1f07896399de50a8171b76cb5e342c6a72b6b0fb7379652aa71f0ae69fc1ac30350b959906e29e2896461c9a92c7023
SSDEEP

98304:Ugh4cAFlG+Jhhwb+8MeGx2RVtT42cPcUaIp2vUsMiLJ:xhRAO+UJR82SOv

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20241010-en

vidar discovery stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20250207-en

vidar credential_access discovery stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  Setup.exe
- Size
  
  78.9MB
- MD5
  
  2879c2ed17dfcdcf548cc71de5ef374b
- SHA1
  
  5697a85f1f38149723a157697523f36932fa880c
- SHA256
  
  c5ff8c9ec98f44163a3da8555205f97ab01392216e371fe3e9f81f142f387bb3
- SHA512
  
  0cd7bb8b86470a2dc21d23ffb69a14dcd1f07896399de50a8171b76cb5e342c6a72b6b0fb7379652aa71f0ae69fc1ac30350b959906e29e2896461c9a92c7023
- SSDEEP
  
  98304:Ugh4cAFlG+Jhhwb+8MeGx2RVtT42cPcUaIp2vUsMiLJ:xhRAO+UJR82SOv
Score

10^/10

vidar discovery stealer credential_access
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy