vidar | f9a8f7bfe93aff2b25c733f46a9a5a7cbf366cb12cdee3a1262f1f737ea5204f | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-19...ch.exe

windows7-x64

2025-02-19...ch.exe

windows10-2004-x64

Sharing

General

Target

2025-02-19_e75ea1fd0fb29383b2f4822022ddf34c_frostygoop_poet-rat_snatch
Size

5.7MB
Sample

250219-1ffmcszjby
MD5

e75ea1fd0fb29383b2f4822022ddf34c
SHA1

c30e9c9b52b5394b591bfb40b13ef594ccedf316
SHA256

f9a8f7bfe93aff2b25c733f46a9a5a7cbf366cb12cdee3a1262f1f737ea5204f
SHA512

5662eebaf91c295aa56409e307ad09b47828b7e8986d906fa7e0d0b0aaba8008d6a0227bd8e770fe1138b75059e5c0505e66dc35685f07ed401ce2c462f77ce1
SSDEEP

49152:uYyT7q1dtjhwEM2wM1CRxMzIouecTPycvms1WmZURWBZQApOsmeW7LD/OI0x1DPS:1m7K7jNM2qazuycJ0X2T

Score

10^/10

vidar credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-19_e75ea1fd0fb29383b2f4822022ddf34c_frostygoop_poet-rat_snatch.exe

Resource

win7-20241023-en

vidar discovery stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-19_e75ea1fd0fb29383b2f4822022ddf34c_frostygoop_poet-rat_snatch.exe

Resource

win10v2004-20250217-en

vidar credential_access discovery stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Targets

- Target
  
  2025-02-19_e75ea1fd0fb29383b2f4822022ddf34c_frostygoop_poet-rat_snatch
- Size
  
  5.7MB
- MD5
  
  e75ea1fd0fb29383b2f4822022ddf34c
- SHA1
  
  c30e9c9b52b5394b591bfb40b13ef594ccedf316
- SHA256
  
  f9a8f7bfe93aff2b25c733f46a9a5a7cbf366cb12cdee3a1262f1f737ea5204f
- SHA512
  
  5662eebaf91c295aa56409e307ad09b47828b7e8986d906fa7e0d0b0aaba8008d6a0227bd8e770fe1138b75059e5c0505e66dc35685f07ed401ce2c462f77ce1
- SSDEEP
  
  49152:uYyT7q1dtjhwEM2wM1CRxMzIouecTPycvms1WmZURWBZQApOsmeW7LD/OI0x1DPS:1m7K7jNM2qazuycJ0X2T
Score

10^/10

vidar discovery stealer credential_access
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy