vidar

General

Target

random.exe
Size

2.1MB
Sample

250515-g8f9tahn5w
MD5

dcbfab753554cd4cd7372afb49fb0ee1
SHA1

abab2497b19aee5412a8a7dc4e063fca4fad484c
SHA256

a6e46cc6ea6bb54c37b6846e77047932bc3c871d7363a9114a916eb44702a039
SHA512

3928d8d93d8634aba074beb3793b9eeb5d15140f154e1c684200bcd77f71815e237a04067bb953fd927e244c390254b659a13a926e5eb378cf95d88c637cc2b2
SSDEEP

24576:daE+hTNrCHtLfTfuM7Djr5QpYrao2rupZrOH5Y3W2oAngzheoD5iJdcuVd/kb65F:p+MRdOHR21gVeoD6dc++b6Uw21xt5ysc

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

13.7

Botnet

54911ccfd8045c892eac97c18f773c50

C2

https://t.me/eom25h

https://steamcommunity.com/profiles/76561199855598339

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/135.0.0.0 Safari/537.36 OPR/120.0.0.0

Targets

- Target
  
  random.exe
- Size
  
  2.1MB
- MD5
  
  dcbfab753554cd4cd7372afb49fb0ee1
- SHA1
  
  abab2497b19aee5412a8a7dc4e063fca4fad484c
- SHA256
  
  a6e46cc6ea6bb54c37b6846e77047932bc3c871d7363a9114a916eb44702a039
- SHA512
  
  3928d8d93d8634aba074beb3793b9eeb5d15140f154e1c684200bcd77f71815e237a04067bb953fd927e244c390254b659a13a926e5eb378cf95d88c637cc2b2
- SSDEEP
  
  24576:daE+hTNrCHtLfTfuM7Djr5QpYrao2rupZrOH5Y3W2oAngzheoD5iJdcuVd/kb65F:p+MRdOHR21gVeoD6dc++b6Uw21xt5ysc
Score

10^/10

vidar 54911ccfd8045c892eac97c18f773c50 credential_access defense_evasion discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1