vidar | 81a16262857bdc1497888c2196a6abb068da74a736724f34828b048777560cce | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...70.exe

windows7-x64

SecuriteIn...70.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.Malware-gen.25942.5770.exe
Size

4.8MB
Sample

250213-k19g6swjfn
MD5

9c34d1555408e02bf79d305e14da648f
SHA1

3ade53d77f21861819565b4902d42d17b26b0771
SHA256

81a16262857bdc1497888c2196a6abb068da74a736724f34828b048777560cce
SHA512

be426e3af1d0888cf1b9dd61f01f9010f4f2f83a979acdafb27eae99b21b96e96391ecd73d01f60d087c36adce9538ce8f307bf9660a8b6cf4306e7b6dca1a46
SSDEEP

49152:8Uocec9UxniW/mQU/KgxyPZqsHsehXnMuCtHVZK7umnSZHjew1zdRm8y7PSZp5Jn:84ec9KnirhCWyQegK7B8Cy

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.Malware-gen.25942.5770.exe

Resource

win7-20250207-en

vidar credential_access discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.Malware-gen.25942.5770.exe

Resource

win10v2004-20250207-en

vidar credential_access discovery spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Targets

- Target
  
  SecuriteInfo.com.Win32.Malware-gen.25942.5770.exe
- Size
  
  4.8MB
- MD5
  
  9c34d1555408e02bf79d305e14da648f
- SHA1
  
  3ade53d77f21861819565b4902d42d17b26b0771
- SHA256
  
  81a16262857bdc1497888c2196a6abb068da74a736724f34828b048777560cce
- SHA512
  
  be426e3af1d0888cf1b9dd61f01f9010f4f2f83a979acdafb27eae99b21b96e96391ecd73d01f60d087c36adce9538ce8f307bf9660a8b6cf4306e7b6dca1a46
- SSDEEP
  
  49152:8Uocec9UxniW/mQU/KgxyPZqsHsehXnMuCtHVZK7umnSZHjew1zdRm8y7PSZp5Jn:84ec9KnirhCWyQegK7B8Cy
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy