vidar | 5d571a9f37e1d51c74a08d2c8e0e83923b9d0324af2d30d72f4c1b6d549324fd | Triage

Submit
Reports

Overview

overview

Static

static

1

fakeactivator.bat

windows11-21h2-x64

Sharing

General

Target

fakeactivator.bat
Size

39B
Sample

250227-s2c5cs1vew
MD5

34392c57960b21888da234493b034908
SHA1

ae266c1ed8ca0d32e959eefc5919ca1563bb5512
SHA256

5d571a9f37e1d51c74a08d2c8e0e83923b9d0324af2d30d72f4c1b6d549324fd
SHA512

5fe3371a85d40936715ec7179918e24b15b6b396272d1eaa737d9de0729e57fb69cc6e0e04c00464afa932846e00af2f55d691653872bea2baff22b85ae51d84

Score

10^/10

vidar ir7am credential_access discovery execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

fakeactivator.bat

Resource

win11-20250217-en

vidar ir7am credential_access discovery execution stealer

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Botnet

ir7am

C2

https://t.me/l793oy

https://steamcommunity.com/profiles/76561199829660832

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

- Target
  
  fakeactivator.bat
- Size
  
  39B
- MD5
  
  34392c57960b21888da234493b034908
- SHA1
  
  ae266c1ed8ca0d32e959eefc5919ca1563bb5512
- SHA256
  
  5d571a9f37e1d51c74a08d2c8e0e83923b9d0324af2d30d72f4c1b6d549324fd
- SHA512
  
  5fe3371a85d40936715ec7179918e24b15b6b396272d1eaa737d9de0729e57fb69cc6e0e04c00464afa932846e00af2f55d691653872bea2baff22b85ae51d84
Score

10^/10

vidar ir7am credential_access discovery execution stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarir7amcredential_accessdiscoveryexecutionstealer

© 2018-2025

Terms | Privacy