vidar | 71c959f416dce380b98fad8f4f9d5c3dccf44b310ec05321dc17c35603da303f | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-25...ch.exe

windows7-x64

2025-02-25...ch.exe

windows10-2004-x64

Sharing

General

Target

2025-02-25_4a957a425a066ef75f5ccbb78e56fc30_frostygoop_poet-rat_snatch
Size

5.1MB
Sample

250225-ar5graxqw6
MD5

4a957a425a066ef75f5ccbb78e56fc30
SHA1

144e793b967d7925f5d91e0a3928ff0fc4e3718a
SHA256

71c959f416dce380b98fad8f4f9d5c3dccf44b310ec05321dc17c35603da303f
SHA512

6f563ce565f2ab3cc59c9caae1c9a9bca0a59055983ba220dd80f007f557407d2aea58bc9d14e0e16c8a07934a41cad2dd87ac43783c1db35fd518b1274c22d9
SSDEEP

49152:UvzMb1W+znU3Fxo3Gpw499PDXeJtnFd5LYDW1wl0SmZ+Vy31Sf6x17qY1:UvzMBIjo3qj7PqFBheO

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-25_4a957a425a066ef75f5ccbb78e56fc30_frostygoop_poet-rat_snatch.exe

Resource

win7-20250207-en

vidar credential_access discovery spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-25_4a957a425a066ef75f5ccbb78e56fc30_frostygoop_poet-rat_snatch.exe

Resource

win10v2004-20250217-en

vidar credential_access discovery spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  2025-02-25_4a957a425a066ef75f5ccbb78e56fc30_frostygoop_poet-rat_snatch
- Size
  
  5.1MB
- MD5
  
  4a957a425a066ef75f5ccbb78e56fc30
- SHA1
  
  144e793b967d7925f5d91e0a3928ff0fc4e3718a
- SHA256
  
  71c959f416dce380b98fad8f4f9d5c3dccf44b310ec05321dc17c35603da303f
- SHA512
  
  6f563ce565f2ab3cc59c9caae1c9a9bca0a59055983ba220dd80f007f557407d2aea58bc9d14e0e16c8a07934a41cad2dd87ac43783c1db35fd518b1274c22d9
- SSDEEP
  
  49152:UvzMb1W+znU3Fxo3Gpw499PDXeJtnFd5LYDW1wl0SmZ+Vy31Sf6x17qY1:UvzMBIjo3qj7PqFBheO
Score

10^/10

vidar credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarcredential_accessdiscoveryspywarestealer

behavioral2

vidarcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy