vidar | 3d4a254a1e3f1774d188d81c22f4db19d0cd3d6b47eb034ecfcd15a5667a45a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-26...ch.exe

windows7-x64

2025-02-26...ch.exe

windows10-2004-x64

Sharing

General

Target

2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch
Size

8.7MB
Sample

250226-pxjvkazn16
MD5

1684e9b9f85aaf93d1a90063d386b67f
SHA1

4ee1fb056218b85f39cd3a35c702aebf00d78f25
SHA256

3d4a254a1e3f1774d188d81c22f4db19d0cd3d6b47eb034ecfcd15a5667a45a0
SHA512

1c3dd0f07a1daa62e7af3b4ef2120ff722b3e7cd8cdf61713812e2945314f108fa1e66468fa28d1f23a996bf9016bd1f3aab2dd98f40492793f9dc5924939559
SSDEEP

49152:zHc0LD04voQr6iZAhhG4YDLduYWnqjoN4KWj4gCCOWuyO0CSgA5QkWhVoUcNvE01:bc0LlXZAC/D3KnabOte3KVIYEnjuq

Score

10^/10

vidar credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch.exe

Resource

win7-20240903-en

vidar discovery stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch.exe

Resource

win10v2004-20250217-en

vidar credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch
- Size
  
  8.7MB
- MD5
  
  1684e9b9f85aaf93d1a90063d386b67f
- SHA1
  
  4ee1fb056218b85f39cd3a35c702aebf00d78f25
- SHA256
  
  3d4a254a1e3f1774d188d81c22f4db19d0cd3d6b47eb034ecfcd15a5667a45a0
- SHA512
  
  1c3dd0f07a1daa62e7af3b4ef2120ff722b3e7cd8cdf61713812e2945314f108fa1e66468fa28d1f23a996bf9016bd1f3aab2dd98f40492793f9dc5924939559
- SSDEEP
  
  49152:zHc0LD04voQr6iZAhhG4YDLduYWnqjoN4KWj4gCCOWuyO0CSgA5QkWhVoUcNvE01:bc0LlXZAC/D3KnabOte3KVIYEnjuq
Score

10^/10

vidar discovery stealer credential_access spyware
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidardiscoverystealer

behavioral2

vidarcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy