MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vidar


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b
SHA3-384 hash: 3f5d9e722cfef1cdfd51eb37aff55e43ccc3c11e0b3519214aa73abf666b254171b17f7c4490b402eb06d5d975156118
SHA1 hash: 853bca504fe7102b8b52db49c737bf838e0e8f2b
MD5 hash: 74956bee02b687d2dd7ce92c0111cfc5
humanhash: tennis-sweet-glucose-beer
File name:SETUP.zip
Download: download sample
Signature Vidar
Create hunting rule
File size:1'835'467 bytes
First seen:2025-10-13 18:14:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:6pIkgi9BXKPkQqcfQGR4pYkeAYJrXdW3z7wVB:6Ckz9B6NBfQdYkWXdI7k
TLSH T189851221FE74441EE888E0B12B613D71C6642F50E9306C72EB749DE46FC6F0D8BAD5A6
Magika zip
Reporter aachum
Tags:AutoIT CypherIT file-pumped vidar zip


Avatar
iamaachum
https://fulllatestss.onl/ => https://mega.nz/file/Oo5FDC6J#dp8qTfiTgCFXgIoIM2vIUBnGCohOrjDsaT7s22wGmg0

Vidar C2:
https://tre.m.astrum.vu/
https://telegram.me/cholars
https://steamcommunity.com/profiles/76561198780612393
https://pre.cozygardenkids.com/
https://pre.sofyartist.com/

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
ES ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:setup.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:105'906'213 bytes
SHA256 hash: cd2b3fda674aa6d8fb8fae5b54d80118d192e2fefb2fb3db457768b7bffd47ec
MD5 hash: 4086f575f8a3a97ee4892dc71c004ea3
De-pumped file size:1'496'576 bytes (Vs. original size of 105'906'213 bytes)
De-pumped SHA256 hash: ac7e72b933f7bf58de3b55850db000387ba166a4c4a55781ea95e2bd631f9029
De-pumped MD5 hash: 7a981e99583a013a2a12c1a63867fe1a
MIME type:application/x-dosexec
Signature Vidar
Vendor Threat Intelligence
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68ed41ea777ae46bec428f21
Tags:
shell spawn sage
Result
Verdict:
Malicious
File Type:
ZIP File - Malicious
Link:
https://app.docguard.net/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b/results/dashboard
Behaviour
SuspiciousEmbeddedObjects detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bloated CAB installer lolbin microsoft_visual_cc overlay overlay packed rundll32 runonce
Link:
https://www.filescan.io/uploads/68ed41ff71883144ef34c6fa/reports/56ab6a08-6d66-40c3-9c50-ac6dc5d738b1/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b
Verdict:
Malicious
File Type:
zip
First seen:
2025-10-12T19:42:00Z UTC
Last seen:
2025-10-14T00:28:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b
Verdict:
Malware
YARA:
4 match(es)
Tags:
AutoIt CVE-2019-13232 CVE-2019-9674 CVE-2022-29225 CVE-2022-36114 CVE-2023-46104 CVE-2024-0450 Executable Malicious PDB Path PE (Portable Executable) PE File Layout Zip Archive Zip Bomb
Link:
https://app.malva.re/file/74956bee02b687d2dd7ce92c0111cfc5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b/
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2025-10-13 00:40:53 UTC
File Type:
Binary (Archive)
Extracted files:
33
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4c5ol4jokmz5zcddqusc5n6z3udwbtly27djudo6xo7qleslt2fq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Script
Create hunting rule
Author:@bartblaze
Description:Identifies AutoIT script. This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Vidar

zip e0bae5f12e5333dc886385242eb7d9dd0760cd78d7c69a0ddebbbf05924b9e8b

(this sample)

Vidar

Executable exe cb797ea0ec7b4a64c1fff662b89dd66847ec2f1bd114c01d3a9a7ed6af6c5f3f

  
Link
https://tria.ge/251013-wh9k1az1cy/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 cb797ea0ec7b4a64c1fff662b89dd66847ec2f1bd114c01d3a9a7ed6af6c5f3f
  
Dropping
MD5 f41e77be257c2faf33e4610e4ed64595
  
Dropping
SHA256 ac7e72b933f7bf58de3b55850db000387ba166a4c4a55781ea95e2bd631f9029
  
Dropping
MD5 7a981e99583a013a2a12c1a63867fe1a

Comments