vidar

General

Target

𝙸𝚗𝚜𝚝𝚊𝚕𝚕+𝙵𝚞𝚕𝚕𝙵𝚒𝚕𝚎.&.𝙿𝚊𝚜𝚜𝚠𝚘𝚛𝚍__2025.zip
Size

12.8MB
Sample

250516-ajg2gsbl4w
MD5

5fec5d74e0b65e3de954245adba84dc1
SHA1

1d6f271eb812dd505d8451c9ae5e0e80fc93ac32
SHA256

e5c1a30d17fabb7dafba84c71be6ce1813dacfa3172c3ed853d4a2e6ec636608
SHA512

6d58ffa7eb2f5a1c8c944ce7e05d65d5a79ba7ea77e50e789f2819be8d5a26430642684262a74d850a0cd06de3c0003a19c32cfb9a4bca4e5221e086ac6b2beb
SSDEEP

393216:P8gHY1yIwA7SnVs31jaznydXXFT9r0hB6GVVh:kgHIyI57Sns+ydVt0Tbh

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

13.7

Botnet

1dd2074e385352bc3730bc422ea9b88c

C2

https://t.me/eom25h

https://steamcommunity.com/profiles/76561199855598339

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/135.0.0.0 Safari/537.36 OPR/120.0.0.0

Targets

- Target
  
  𝙁𝙞𝙡3 𝙋@$$𝙒0𝙧𝙙 = 2025.rtf
- Size
  
  11.5MB
- MD5
  
  fa2c8fb6bccaa41862ae751620efa483
- SHA1
  
  7651504ccfc4ad31f9e28d2426dab7b6604e2dad
- SHA256
  
  5d34ce386b036140c72cfdbe900df2a7f3e8d1d788e96f410d7798adcf166968
- SHA512
  
  805b7071fe84a80da02a9ce6087fce5307a97a2bb0fc5a9d362fc2c9c9a7790ddb8a90ec56723e84971485d166933ab9db930ecebc4c9acd8ed8a25b9bf750cc
- SSDEEP
  
  24576:+isFxNHtyPKUI5rYtyPKUI5rYtyPKUI5rYtyPKUI5rYtyPKUI5rYtyPKUI5rYty6:S
Score

1^/10
behavioral1
- Target
  
  Qt5Core.dll
- Size
  
  5.3MB
- MD5
  
  ec23b1c1f722a63d7f97bb0fbe20a2e2
- SHA1
  
  dc40212e326c566ea7fc6163328222b59dccb1ef
- SHA256
  
  410f58c8a9af812958e9746c364c3bd80ea8250962e52194934afa15e0049e4c
- SHA512
  
  ddd11836e02ae81b310ca2c7a25a0681d9ded2f087174e8163a975cb90118cddf1c26d737252022effd5d33f071c0bf9e8102f57fcf57fe786322d74a608d3a9
- SSDEEP
  
  98304:iKAun4YNzLUb17Jsv6tWKFdu9CTTzRWHfoj:iKAE4YNzLUNJsv6tWKFdu9CTZWHfo
Score

1^/10
behavioral2
- Target
  
  Qt5Gui.dll
- Size
  
  5.7MB
- MD5
  
  72ac63e9e9f015d6471dde58297a4fc6
- SHA1
  
  8287d52643c55acbaf4134e8d2c41dd5d923846b
- SHA256
  
  6b8a49b6b37d69213762c8f2c8a9970014364f4055f08a850d27c0343fbe00de
- SHA512
  
  d222a719cf3353747be1308615a7e2aa96fc8f60c83accb2bb47507946810004c96199f17831865089970c165e39d50c623569d5fd5615050aa152ff512422f0
- SSDEEP
  
  49152:6jzhLDsRlJQJaC1jy/vm6Rl7TrWY/toKivPCnCxq6udDWE3n2ztbgRY+2ScqT4Qq:gzJsSHwv7Rl/JC4njG3+2C4QAHn
Score

1^/10
behavioral3
- Target
  
  Qt5Widgets.dll
- Size
  
  5.3MB
- MD5
  
  2bd07acef2ffd5ad8388b714d4f81995
- SHA1
  
  056824e256291f87d8cc216a3eb4ca15b3713b2f
- SHA256
  
  250c3717663e4ab3ce50e4a53bc532bf0c0850d2917773dd7e482e733081a1a1
- SHA512
  
  4859e272e51c84ca2690947807b53833aea3a519191a61c635bb2666b4a75c760415ef117dfedf8fbcb567d34d6746d5b1f3b83331a5e2599d8c05088242d253
- SSDEEP
  
  98304:ILfU4cYhBySbHVV50lUtRtpsW+HmoBB7hKdHa3RTX//n9Fei5xivs8+pZADRe/YW:ILfU4cYhBySbHVV50lUtRtpsW+HmoBBl
Score

1^/10
behavioral4
- Target
  
  Setup.exe
- Size
  
  436KB
- MD5
  
  ef65cfadfc4b4914a11acdd61714c6eb
- SHA1
  
  61a4d1f8a094bbf19144ca8d6a4b6b0bfa9b6fb6
- SHA256
  
  70883a06d37c69b015c3eb37b29c0184175be78b3ff037523b34460c31445818
- SHA512
  
  0e11a880e888033e4095cacd1f552006847c5120dd2a6395b88362e14c948d51877c86cbb262e66a0a3d20e85c982313a628ffef229d0d3bc82e415752f2a72d
- SSDEEP
  
  768:AGK3mMjFCX5vO8Znr/DmFLa2GtFH0uRTv/lIkINDU0jN7KqwhqZ6nT2TXKpoNz:AGGm6FOO8Y+jbH3Tv/lIkUDf5K56Om
Score

10^/10

vidar 1dd2074e385352bc3730bc422ea9b88c credential_access defense_evasion discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  msvcp120.dll
- Size
  
  644KB
- MD5
  
  edef53778eaafe476ee523be5c2ab67f
- SHA1
  
  58c416508913045f99cdf559f31e71f88626f6de
- SHA256
  
  92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f
- SHA512
  
  7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8
- SSDEEP
  
  12288:EOB4p+q4N8d4l2ms4cTHN+m+gy/vEPYysExtvsIvX71A+2EKZm+GWodEEpvYG:jAtvsIvL2EKZm+GWodEEpvYG
Score

1^/10
behavioral6
- Target
  
  msvcr120.dll
- Size
  
  940KB
- MD5
  
  aeb29ccc27e16c4fd223a00189b44524
- SHA1
  
  45a6671c64f353c79c0060bdafea0ceb5ad889be
- SHA256
  
  d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa
- SHA512
  
  2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006
- SSDEEP
  
  24576:cj7dDxvo5outISmDa5HSueghIHkCvf44lmWymt:cnLLSl1tCX44h
Score

1^/10
behavioral7