vidar | f77a07b45cd45bfbe85a30f2f30231a1d5d3c2805c865a0d5c7d7e690b7b56c4 | Triage

Submit
Reports

Overview

overview

Static

static

1

text.txt

windows10-ltsc 2021-x64

Sharing

General

Target

text.txt
Size

32B
Sample

250222-h6jgts1jfw
MD5

a455d48f8584cc5fbe88a099cded5ae4
SHA1

085fc5be40f2edaa6fad96b95b01a6b107745546
SHA256

f77a07b45cd45bfbe85a30f2f30231a1d5d3c2805c865a0d5c7d7e690b7b56c4
SHA512

971a880edbd08c57faa42078097f73867c6cc663bbd3a7c66ba026104cdbe5bd9339596877dbeb277cffca9bac8a52c695f122f4310c4c064b53a65beb41b1c2

Score

10^/10

vidar credential_access defense_evasion discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

text.txt

Resource

win10ltsc2021-20250217-en

vidar credential_access defense_evasion discovery spyware stealer

windows10-ltsc 2021-x64

29 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  text.txt
- Size
  
  32B
- MD5
  
  a455d48f8584cc5fbe88a099cded5ae4
- SHA1
  
  085fc5be40f2edaa6fad96b95b01a6b107745546
- SHA256
  
  f77a07b45cd45bfbe85a30f2f30231a1d5d3c2805c865a0d5c7d7e690b7b56c4
- SHA512
  
  971a880edbd08c57faa42078097f73867c6cc663bbd3a7c66ba026104cdbe5bd9339596877dbeb277cffca9bac8a52c695f122f4310c4c064b53a65beb41b1c2
Score

10^/10

vidar credential_access defense_evasion discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdefense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy