vidar | f8b0d88d7094f254631363ddf906efc52ae7f71482c0c4041f07f7d069f89b43 | Triage

Submit
Reports

Overview

overview

Static

static

1

trigger.ps1

windows10-ltsc 2021-x64

trigger.ps1

windows11-21h2-x64

Resubmissions

21-02-2025 16:13

250221-tpfv6avqgl 10

Sharing

General

Target

trigger.ps1
Size

28B
Sample

250221-tpfv6avqgl
MD5

fbde43d916bb7ec62d1863fe3de8edbf
SHA1

61787be021ab6e3e9f20f759da7b4e85747a7e22
SHA256

f8b0d88d7094f254631363ddf906efc52ae7f71482c0c4041f07f7d069f89b43
SHA512

05b22324b60a44f6b757f5a1df5566872ca08ef1b82e99947ba30415cc69454ef1927de0ff7b5e7927809d62bf89896c6a9ac9377bd4ad29971f4927fdd38421

Score

10^/10

vidar credential_access discovery execution spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

trigger.ps1

Resource

win10ltsc2021-20250217-en

vidar credential_access discovery execution spyware stealer

windows10-ltsc 2021-x64

23 signatures

300 seconds

Behavioral task

behavioral2

Sample

trigger.ps1

Resource

win11-20250217-en

vidar credential_access discovery execution spyware stealer

windows11-21h2-x64

23 signatures

300 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  trigger.ps1
- Size
  
  28B
- MD5
  
  fbde43d916bb7ec62d1863fe3de8edbf
- SHA1
  
  61787be021ab6e3e9f20f759da7b4e85747a7e22
- SHA256
  
  f8b0d88d7094f254631363ddf906efc52ae7f71482c0c4041f07f7d069f89b43
- SHA512
  
  05b22324b60a44f6b757f5a1df5566872ca08ef1b82e99947ba30415cc69454ef1927de0ff7b5e7927809d62bf89896c6a9ac9377bd4ad29971f4927fdd38421
Score

10^/10

vidar credential_access discovery execution spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryexecutionspywarestealer

behavioral2

vidarcredential_accessdiscoveryexecutionspywarestealer

© 2018-2025

Terms | Privacy