vidar | 85c4c3122b769f39036dfbc5d6ce5285b8392501644f8ede88c2bd5aa0109a24 | Triage

Submit
Reports

Overview

overview

Static

static

3

0x00050000...31.exe

windows7-x64

0x00050000...31.exe

windows10-2004-x64

Sharing

General

Target

7nSTXG6.exe_pw_infected.zip
Size

4.2MB
Sample

250221-vvytlawpek
MD5

d69f57d9ee0d0297353f67cefc83857b
SHA1

206dd630d45f433ea0273ae4cceaf572a78fd456
SHA256

85c4c3122b769f39036dfbc5d6ce5285b8392501644f8ede88c2bd5aa0109a24
SHA512

e851563c70bf8841de8fa084f0db2fb018508684dad1bbcc8bcf8cc88b2c191240d7481d8c74ce17ff0d73eda9c301eded136be4ae4c5f9bbb7bb0564f3004e2
SSDEEP

98304:9UKXPVjNMf7iqpyonWGQgT3KVNBsBFAtsJnjWgR2a:KCPVZMf+qkonBQy3KVLEiCp

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0x0005000000019615-131.exe

Resource

win7-20241010-en

vidar credential_access discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x0005000000019615-131.exe

Resource

win10v2004-20250217-en

vidar credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  0x0005000000019615-131
- Size
  
  9.8MB
- MD5
  
  6de71b0609cb1dcb47118be17d0d700c
- SHA1
  
  98abf52de91ec36ac0d066345ecb8b2c96fdba50
- SHA256
  
  55a16f01b6e2b0b124a1c4221e6d7b27dd4571b9b6b7575c3a731cc2b2d1a0e4
- SHA512
  
  a0e01518116715d8e0196e09cf4036bf484eaa250b36151bf91fc91b3bd6bdca90cb7277ebc62e16a8c2d77d75f9ade558037cc6662e12aa8e85d02ac6d8c212
- SSDEEP
  
  98304:Owk7LhMpZoJaUfW8+3CPPEuSPawmHvhfcmTVbeGG0u:Lk3h82+3CyawmHvumTVbeGG
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy