MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vidar


Vendor detections: 17


Intelligence 17 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2
SHA3-384 hash: 723a3cf3fda00c4f786cd89bc033edb2b824ca8ac12f3ee30ae67bb506cfd4f8cf6f2d36d81c9d97eb94007da987b8a2
SHA1 hash: 074d75731d881dee1ea3b70bdf25a6d582401bfd
MD5 hash: 509b64f2f8974036a5db100bb4ac2226
humanhash: nebraska-jig-california-charlie
File name:SecuriteInfo.com.Trojan.PWS.Vidar.102.28690.31408
Download: download sample
Signature Vidar
Create hunting rule
File size:436'224 bytes
First seen:2025-10-04 10:20:19 UTC
Last seen:2025-10-04 11:44:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 49404a2848514cd699a7688be7169c8c (3 x Vidar)
ssdeep 6144:/raxDt86AF82Noe7ex4VyoEsQNackstjsKr4jWMhp8UeplsZ3DtB9+w:yDt81F16eSackEsimC3pW1
Threatray 45 similar samples on MalwareBazaar
TLSH T17594182543AB0A96F413DC398403C737D770BA6293D4A66BE374DB6D2F22923996DF04
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe vidar

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
vidar
Create hunting rule
ID:
1
File name:
0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2.exe
Verdict:
Malicious activity
Analysis date:
2025-10-04 09:23:57 UTC
Tags:
vidar stealer stealc
Link:
https://app.any.run/tasks/6f823617-eb70-426b-8edd-158648d0d857

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30114/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e0e7ac482d8e84a7ec2966
Tags:
emotet small
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm base64 cmd crypto evasive fingerprint hacktool keylogger lolbin microsoft_visual_cc rundll32 stealer
Link:
https://www.filescan.io/uploads/68e0f5035a3bccf09eb78424/reports/e6b7d549-6896-4927-97ac-97c4e1defc77/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-04T05:44:00Z UTC
Last seen:
2025-10-04T10:14:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cd85d615-7e29-424c-a0f1-39413ae35a46
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/509b64f2f8974036a5db100bb4ac2226
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2/
Verdict:
Malicious
Threat:
Family.VIDAR
Link:
https://tip.neiki.dev/file/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2
Threat name:
Win64.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-10-04 08:50:58 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
30 of 37 (81.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bkfohjuql7cvqxahh4uy7vuk6sclrhvntlqpjh6gjyughesz77ja._file
Verdict:
malicious
Label(s):
vidar
Create hunting rule
Similar samples:
3af3cad4561b39a20f45c5ff6c28fff5820c3278d49c6499ef605bafc45dc871
Vidar
6817a88f1ae2d06a7c93b796c7c008af70c0cb37572a77255bdb767ead303079
Vidar
8f1b55ae725ecf5c3043d390b17eb3d03e9b9681fede65bfea1f6e7cba8e3073
Vidar
a441e76246ce6a7f26b8fef2f6a759672928d09cdfce7ba503701915fd69fb88
Vidar
be68f32481e1551531f9c2ae9322870aa30e48224fb0ad1f4468b04ec07374c0
Vidar
c9cc39c46a8d4cb82f41757da922d5f2428e77f655c8f052a4ef3dd596715be7
Vidar
+ 35 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:404bacad756ba4577e9f094305a3f807n stealer
Link:
https://tria.ge/reports/251004-mdeemabr5s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Malware Config
C2 Extraction:
https://steamcommunity.com/profiles/76561198782513619
https://telegram.me/dobbl7
Verdict:
Suspicious
Tags:
stealer vidar
YARA:
EXE_Vidar_May_2024
Link:
https://app.threat.zone/submission/639eda89-8072-4766-948f-c71bc916d615
Unpacked files
SH256 hash:
0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2
MD5 hash:
509b64f2f8974036a5db100bb4ac2226
SHA1 hash:
074d75731d881dee1ea3b70bdf25a6d582401bfd
Link:
https://www.unpac.me/results/33ae8635-d245-4458-b01f-0c9044bd47dc/
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0a8ae3a6905f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Vidar_unpacked_PulseIntel
Create hunting rule
Author:PulseIntel
Description:Vidar Payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Vidar

Executable exe 0a8ae3a6905fc5585c073f298fd68af484b89ead9ae0f49fc64e28639259ffd2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3656198/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/30114/

Comments