vidar | 0ae4a1fe7de1a44c85893f600f29e28ff2d859f5c99261a4ac8ce0272a15c2e5 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-31...om.exe

windows10-2004-x64

Sharing

General

Target

2025-03-31_bb2e05095585306c7795f0d868c35c7b_black-basta_cobalt-strike_ryuk_satacom
Size

694KB
Sample

250331-m1tstsxyhs
MD5

bb2e05095585306c7795f0d868c35c7b
SHA1

1d812f7f3c5cd4ac12c978832ce0e1a7914fc7dd
SHA256

0ae4a1fe7de1a44c85893f600f29e28ff2d859f5c99261a4ac8ce0272a15c2e5
SHA512

543867f1e1c2450fdb5e072d32e050d5a2123cac8db69065b3bc172dfdad736018979ff872743e5b35e94982c0341b0ea59c7afcd253d6089d3dedf89dda8784
SSDEEP

12288:m7athgvR/PNiavyws5SXvTbhX2NWUXEAuT32JrZwxRlUE2JrZwxRlUR:mem/E/ob86mpZwblUJpZwblUR

Score

10^/10

vidar fa58002947e44c326351a19585a38169 credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-03-31_bb2e05095585306c7795f0d868c35c7b_black-basta_cobalt-strike_ryuk_satacom.exe

Resource

win10v2004-20250314-en

vidar fa58002947e44c326351a19585a38169 credential_access discovery spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

fa58002947e44c326351a19585a38169

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

- Target
  
  2025-03-31_bb2e05095585306c7795f0d868c35c7b_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  694KB
- MD5
  
  bb2e05095585306c7795f0d868c35c7b
- SHA1
  
  1d812f7f3c5cd4ac12c978832ce0e1a7914fc7dd
- SHA256
  
  0ae4a1fe7de1a44c85893f600f29e28ff2d859f5c99261a4ac8ce0272a15c2e5
- SHA512
  
  543867f1e1c2450fdb5e072d32e050d5a2123cac8db69065b3bc172dfdad736018979ff872743e5b35e94982c0341b0ea59c7afcd253d6089d3dedf89dda8784
- SSDEEP
  
  12288:m7athgvR/PNiavyws5SXvTbhX2NWUXEAuT32JrZwxRlUE2JrZwxRlUR:mem/E/ob86mpZwblUJpZwblUR
Score

10^/10

vidar fa58002947e44c326351a19585a38169 credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfa58002947e44c326351a19585a38169credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy