vidar | 8548215da9bc3fa053e973155fb99462a65aea8b9ee8f6419a1d2c11ca0189f6 | Triage

Submit
Reports

Overview

overview

Static

static

1

.html

windows10-ltsc 2021-x64

Sharing

General

Target

.
Size

564B
Sample

250213-px5r2aylcx
MD5

551e6e8316330ea362856c8f4fc249ed
SHA1

791ff927a99dff2ebae3c7b2fe90eac49e1721c5
SHA256

8548215da9bc3fa053e973155fb99462a65aea8b9ee8f6419a1d2c11ca0189f6
SHA512

eda2d472d73436940d33c4caaa75ccb160fdb001507ef1d481d4e98d3084160c4983409dee03538e16a0c77d7fc85f2ebd16b13bb408b44475a7ebea73f1eec4

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

.html

Resource

win10ltsc2021-20250211-en

vidar credential_access discovery stealer

windows10-ltsc 2021-x64

26 signatures

900 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Targets

- Target
  
  .
- Size
  
  564B
- MD5
  
  551e6e8316330ea362856c8f4fc249ed
- SHA1
  
  791ff927a99dff2ebae3c7b2fe90eac49e1721c5
- SHA256
  
  8548215da9bc3fa053e973155fb99462a65aea8b9ee8f6419a1d2c11ca0189f6
- SHA512
  
  eda2d472d73436940d33c4caaa75ccb160fdb001507ef1d481d4e98d3084160c4983409dee03538e16a0c77d7fc85f2ebd16b13bb408b44475a7ebea73f1eec4
Score

10^/10

vidar credential_access discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy