vidar | e705563d5634d217e0ebb3dcde0326e0cae0d57bc866871d8f4032747c8347f6 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-31...om.exe

windows10-2004-x64

Sharing

General

Target

2025-03-31_61903c7168838b2fd1c701756d1efb15_black-basta_cobalt-strike_ryuk_satacom
Size

1.9MB
Sample

250331-q5w1ja1vdw
MD5

61903c7168838b2fd1c701756d1efb15
SHA1

918de67ab700e3856d6ee40d239e68c0e806d11f
SHA256

e705563d5634d217e0ebb3dcde0326e0cae0d57bc866871d8f4032747c8347f6
SHA512

5f513cbc9e3fba4c3c0707d3ebca755664b09a8e8ce796826036a57b2ad6a6eec7dfa1b9fcec1b99af696bac71fbb6cfd0254f841e1dd466f3d7b61f4edf4c3c
SSDEEP

24576:NNI2LXlFLf2uee/0kd+mELBX11GyDXcOSbNpZwglUR:LnFFytugglUR

Score

10^/10

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-03-31_61903c7168838b2fd1c701756d1efb15_black-basta_cobalt-strike_ryuk_satacom.exe

Resource

win10v2004-20250314-en

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

286abd424eeeb855a080435369086f7f

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

- Target
  
  2025-03-31_61903c7168838b2fd1c701756d1efb15_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.9MB
- MD5
  
  61903c7168838b2fd1c701756d1efb15
- SHA1
  
  918de67ab700e3856d6ee40d239e68c0e806d11f
- SHA256
  
  e705563d5634d217e0ebb3dcde0326e0cae0d57bc866871d8f4032747c8347f6
- SHA512
  
  5f513cbc9e3fba4c3c0707d3ebca755664b09a8e8ce796826036a57b2ad6a6eec7dfa1b9fcec1b99af696bac71fbb6cfd0254f841e1dd466f3d7b61f4edf4c3c
- SSDEEP
  
  24576:NNI2LXlFLf2uee/0kd+mELBX11GyDXcOSbNpZwglUR:LnFFytugglUR
Score

10^/10

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar286abd424eeeb855a080435369086f7fcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy