vidar | 3cb52ef8bc5ae1920d1abab6de44b3b40d3d30cc65904c5f074cf0a3946c3f2b | Triage

Submit
Reports

Overview

overview

Static

static

3

X-ToolUnlo....1.exe

windows10-ltsc_2021-x64

X-ToolUnlo....1.exe

windows11-21h2-x64

Sharing

General

Target

1X-ToolUnlock.zip
Size

15.2MB
Sample

250401-ba8zaatjw8
MD5

b151eb54bb3aefe40a9539dccd04d672
SHA1

7050268a037ff664fc61ba86a4a63ad39a0e7cb8
SHA256

3cb52ef8bc5ae1920d1abab6de44b3b40d3d30cc65904c5f074cf0a3946c3f2b
SHA512

f85d7b5216117f41adfc0e45fd78d70c118229f09df0fb827cb6039b98bf75027a52f3bb1bcab5d8b9feb6bcf3e53775f562985e01a305c3a44d6a7349febed3
SSDEEP

393216:F93McPsIfNZWeumbyMldf4mlx0Oh7bfFE3KzMles/vbk:FlsGB9b7f4UvBbfFE3ehGo

Score

10^/10

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

X-ToolUnlock/XToolUnlock_v3.1.exe

Resource

win10ltsc2021-20250314-es

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer

windows10-ltsc_2021-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

X-ToolUnlock/XToolUnlock_v3.1.exe

Resource

win11-20250314-es

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

286abd424eeeb855a080435369086f7f

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

- Target
  
  X-ToolUnlock/XToolUnlock_v3.1.exe
- Size
  
  634KB
- MD5
  
  93adf8065f0c98800caaa0c04643086d
- SHA1
  
  1d9155ca4e97cd715a2053e98578bc3c41e144dd
- SHA256
  
  93333cc84d80767f88528b50cd5f563a7fc2626e0817ab9a666df733dd51d369
- SHA512
  
  6253872a445477fff892ba37f51aa44e655a7f61dc8ee8e9242911b8c2e9dac105234681255cdf82526239bfc582e8205f8aa9fb7e6a94b4cf2bf696dd26524b
- SSDEEP
  
  12288:SaQ9+ICJkAp0mBpehM8ppy+E4J/aDQy5b4WeZGl/GtWV3OH2JrZwIRlUR:Kw4GBpehMjcuP5b4Fty3pZwglUR
Score

10^/10

vidar 286abd424eeeb855a080435369086f7f credential_access discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar286abd424eeeb855a080435369086f7fcredential_accessdiscoveryspywarestealer

behavioral2

vidar286abd424eeeb855a080435369086f7fcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy