vidar | 49c8db48c43861be5087f96e5f934f8f6e3a3931e75613fd87127fa29edd62f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-31...om.exe

windows7-x64

1

2025-03-31...om.exe

windows10-2004-x64

Sharing

General

Target

2025-03-31_ba7cfbfe4ee11ed0bb81a7b71de91922_black-basta_cobalt-strike_ryuk_satacom
Size

1.9MB
Sample

250331-cnywxatpt8
MD5

ba7cfbfe4ee11ed0bb81a7b71de91922
SHA1

08f3a7cd51e1ea055ff7fbdcbd93c08b689773bc
SHA256

49c8db48c43861be5087f96e5f934f8f6e3a3931e75613fd87127fa29edd62f1
SHA512

3121d0f1e389d9f9b5faeebfa35e1a218f1a5c594beac41106c5cb85c5f6f7a6ffbab58035517833c36d6a42550156e19d0d832c80742264b4cdfb68d61175b6
SSDEEP

24576:NNI2LXlFLf2uee/0kd+mELBX11GyDXcOSbNpZw1lUR:LnFFytug1lUR

Score

10^/10

vidar 23b8a0e48f77dc82cb41b2936121fd07 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-03-31_ba7cfbfe4ee11ed0bb81a7b71de91922_black-basta_cobalt-strike_ryuk_satacom.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-31_ba7cfbfe4ee11ed0bb81a7b71de91922_black-basta_cobalt-strike_ryuk_satacom.exe

Resource

win10v2004-20250314-en

vidar 23b8a0e48f77dc82cb41b2936121fd07 credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

23b8a0e48f77dc82cb41b2936121fd07

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

- Target
  
  2025-03-31_ba7cfbfe4ee11ed0bb81a7b71de91922_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.9MB
- MD5
  
  ba7cfbfe4ee11ed0bb81a7b71de91922
- SHA1
  
  08f3a7cd51e1ea055ff7fbdcbd93c08b689773bc
- SHA256
  
  49c8db48c43861be5087f96e5f934f8f6e3a3931e75613fd87127fa29edd62f1
- SHA512
  
  3121d0f1e389d9f9b5faeebfa35e1a218f1a5c594beac41106c5cb85c5f6f7a6ffbab58035517833c36d6a42550156e19d0d832c80742264b4cdfb68d61175b6
- SSDEEP
  
  24576:NNI2LXlFLf2uee/0kd+mELBX11GyDXcOSbNpZw1lUR:LnFFytug1lUR
Score

10^/10

vidar 23b8a0e48f77dc82cb41b2936121fd07 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidar23b8a0e48f77dc82cb41b2936121fd07credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy