vidar | d9b7cd71505bd423ba63c900c792c585314c44d9515cd2767f6c9826e8237979 | Triage

Submit
Reports

Overview

overview

Static

static

3

config.exe

windows7-x64

config.exe

windows10-2004-x64

Sharing

General

Target

config.exe
Size

5.2MB
Sample

250223-a94yyatmdn
MD5

fcdd5d8bbdd7e9c70b30904c37267bb2
SHA1

6c8c923851462e0c97b48b3826643eea441ed8b6
SHA256

d9b7cd71505bd423ba63c900c792c585314c44d9515cd2767f6c9826e8237979
SHA512

2ea5167cb7c6f4d87d2e3a595cdd40a2be9e24098841a40c64bf50db9e55f954ae7da0646d9ae10f4e833ba793a94fb304791445c8f9f78197e11ce04af012eb
SSDEEP

49152:8l2I+TsDdNum6TfbV+/74e1HOiiI1qCRzecn5EZ8AoFVWkjDH4P1EKLR1Ic201o7:8YI+T8XqfbVy4IuilzfzHhc2PF

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

config.exe

Resource

win7-20240903-en

vidar credential_access discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

config.exe

Resource

win10v2004-20250217-en

vidar credential_access discovery stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  config.exe
- Size
  
  5.2MB
- MD5
  
  fcdd5d8bbdd7e9c70b30904c37267bb2
- SHA1
  
  6c8c923851462e0c97b48b3826643eea441ed8b6
- SHA256
  
  d9b7cd71505bd423ba63c900c792c585314c44d9515cd2767f6c9826e8237979
- SHA512
  
  2ea5167cb7c6f4d87d2e3a595cdd40a2be9e24098841a40c64bf50db9e55f954ae7da0646d9ae10f4e833ba793a94fb304791445c8f9f78197e11ce04af012eb
- SSDEEP
  
  49152:8l2I+TsDdNum6TfbV+/74e1HOiiI1qCRzecn5EZ8AoFVWkjDH4P1EKLR1Ic201o7:8YI+T8XqfbVy4IuilzfzHhc2PF
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy