vidar | 4fc13c81b5594dd189eafc3e88fd6d5cadf8f951b81d10fb2ffab3c851512771 | Triage

Submit
Reports

Overview

overview

Static

static

3

us.exe

windows7-x64

us.exe

windows10-2004-x64

Sharing

General

Target

us.exe
Size

6.6MB
Sample

250212-yt46rsxpa1
MD5

47ef73872d8adbb3f66c4d0b145060bf
SHA1

f2dde0526a50623daecaaa969f77204d46894e32
SHA256

4fc13c81b5594dd189eafc3e88fd6d5cadf8f951b81d10fb2ffab3c851512771
SHA512

274ee436cb704002581eb3551f676e9c8f7015ea75ca090f6b783d9fd7d9b7c7be4dd86fd4024f0877658a464653e6c738f77fcda150221c8a88f276be987687
SSDEEP

49152:PJiTLxmrxMgiQNXf34SF0VwUhu6NqQFn8vca9Ypyy7KQ+cKa/Et9m3OnytR1ljyc:P0TLxmFkQNXgU0ZqXHfaj3OQjy

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

us.exe

Resource

win7-20250207-en

vidar credential_access discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

us.exe

Resource

win10v2004-20250207-en

vidar credential_access discovery stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

- Target
  
  us.exe
- Size
  
  6.6MB
- MD5
  
  47ef73872d8adbb3f66c4d0b145060bf
- SHA1
  
  f2dde0526a50623daecaaa969f77204d46894e32
- SHA256
  
  4fc13c81b5594dd189eafc3e88fd6d5cadf8f951b81d10fb2ffab3c851512771
- SHA512
  
  274ee436cb704002581eb3551f676e9c8f7015ea75ca090f6b783d9fd7d9b7c7be4dd86fd4024f0877658a464653e6c738f77fcda150221c8a88f276be987687
- SSDEEP
  
  49152:PJiTLxmrxMgiQNXf34SF0VwUhu6NqQFn8vca9Ypyy7KQ+cKa/Et9m3OnytR1ljyc:P0TLxmFkQNXgU0ZqXHfaj3OQjy
Score

10^/10

vidar credential_access discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoverystealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy