MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vidar


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2
SHA3-384 hash: 3ee84ae395678c2c44594b1b07e1b246a6334cf5e245cbbd7968f5fa96a27d96f8de88cd066861f4c5c4717777256a85
SHA1 hash: 7842bffec88bc9c9d55322117982fcbc22bd1198
MD5 hash: 7eb3a3fce3ac814eae5f6dce3274916e
humanhash: music-december-echo-west
File name:SETUP.zip
Download: download sample
Signature Vidar
Create hunting rule
File size:8'470'977 bytes
First seen:2025-12-23 16:08:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 196608:Hw8sZ2wjsnnITbj/vvLMbKFjUlAXFDBigNnWfa7zAOgAAbrQR:/sZ2wjRLUKFzqSoa7zhbAb0R
TLSH T102863335F4645A4BD17F64796DEC050AE0C7E06B24A39BE0CC28528B6D04EFBF70A94B
Magika zip
Reporter aachum
Tags:dllHijack vidar zip


Avatar
iamaachum
https://scnruetos.pro/ => https://www.mediafire.com/file/ku25v7zsahw2z7k/D0WN10AD_SETUP_F1LE_(2025)_PAS5.zip/file

Vidar C2:
https://telegram.me/gal17d
https://steamcommunity.com/profiles/76561198759765485
https://xet.multiatend.com.br/

Intelligence

File Origin
# of uploads :
1
# of downloads :
43
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/77e87982-2679-4f4b-89e0-6037f499550a/
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694abe7401c7b4a8fe551620
Tags:
injection obfusc crypt
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2/results?tab=lookup
Score:
21%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout SVG Zip Archive
Link:
https://app.malva.re/file/7eb3a3fce3ac814eae5f6dce3274916e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2/
Threat name:
Win32.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2025-12-23 16:08:18 UTC
File Type:
Binary (Archive)
Extracted files:
160
AV detection:
9 of 36 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ckifyhxpwo2ossf7xqw57ta2ohvzv6h4msijom3sqqxmxbsm2ra._file
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar discovery execution stealer
Link:
https://tria.ge/reports/251223-t16kyswqht/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
System Location Discovery: System Language Discovery
System Time Discovery
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Detects Vidar Stealer
Vidar
Vidar family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Vidar

zip d09482e0f77d9da74a45fde16efe60d38f5cd7c7e32484b99b9421765c3266a2

(this sample)

Vidar

DLL dll 5016becadad4b0feeca601a7a86e7c2a660531e106363182d771b33b5426d972

  
Link
https://tria.ge/251223-tbnc3swjcs/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 5016becadad4b0feeca601a7a86e7c2a660531e106363182d771b33b5426d972
  
Dropping
MD5 90cd223a31c62ea37fc5f70e2ad0897c

Comments