vidar | 896608e54883504d4d0033e3f7c264004d21ce803498ab209c66970d4005894e | Triage

Submit
Reports

Overview

overview

Static

static

1

Murder Mys...b.html

windows10-2004-x64

Murder Mys...b.html

windows11-21h2-x64

7

Resubmissions

18/04/2025, 21:39

250418-1h4f7swsaz 4

18/04/2025, 21:31

250418-1c8tqsynv2 10

Sharing

General

Target

Murder Myster 2 Hub.
Size

12KB
Sample

250418-1c8tqsynv2
MD5

7e8785b112a2ce7261eff35b26ac0e92
SHA1

b570b0ebe790f82aeb6127e891b0e7657d49db77
SHA256

896608e54883504d4d0033e3f7c264004d21ce803498ab209c66970d4005894e
SHA512

e2935257e3c2fb75bf5ff799e5721a60febcd921684d905c1a8e5c0c8f60a0d8db4c3a7045608cf022408bb67b7683bc2420bd4eb4fc92d254a6b4420608b687
SSDEEP

384:OpRilUshGGzUeUIOUeUmSEi/Li01UOUTVxWApJWDWigqWia03StSimSiYSi/43R5:OpRilUOGCfvOflS5/u01/8xWApJingq1

Score

10^/10

vidar 77076b8112067904c20207ca37e0f18f credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

Murder Myster 2 Hub.html

Resource

win10v2004-20250410-en

vidar 77076b8112067904c20207ca37e0f18f credential_access discovery stealer

windows10-2004-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

Murder Myster 2 Hub.html

Resource

win11-20250410-en

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Extracted

Family

vidar

Version

13.5

Botnet

77076b8112067904c20207ca37e0f18f

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

- Target
  
  Murder Myster 2 Hub.
- Size
  
  12KB
- MD5
  
  7e8785b112a2ce7261eff35b26ac0e92
- SHA1
  
  b570b0ebe790f82aeb6127e891b0e7657d49db77
- SHA256
  
  896608e54883504d4d0033e3f7c264004d21ce803498ab209c66970d4005894e
- SHA512
  
  e2935257e3c2fb75bf5ff799e5721a60febcd921684d905c1a8e5c0c8f60a0d8db4c3a7045608cf022408bb67b7683bc2420bd4eb4fc92d254a6b4420608b687
- SSDEEP
  
  384:OpRilUshGGzUeUIOUeUmSEi/Li01UOUTVxWApJWDWigqWia03StSimSiYSi/43R5:OpRilUOGCfvOflS5/u01/8xWApJingq1
Score

10^/10

vidar 77076b8112067904c20207ca37e0f18f credential_access discovery stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar77076b8112067904c20207ca37e0f18fcredential_accessdiscoverystealer

behavioral2

© 2018-2025

Terms | Privacy