General
-
Target
6eaa17442216edf6c184c03e3b7468922c1b6d59fbf419f811552e2e86e0bcfe
-
Size
292KB
-
Sample
221129-y5vfpsgb5x
-
MD5
dbb040abc8a85af0cfc6dfeafea08c3b
-
SHA1
e85a9999916713442d0e1decd282a38604bfe57e
-
SHA256
5f1975fb201ae9ed12ee6cc96aba354b26688ab8a5ea79588e1363b3d3f72f40
-
SHA512
bd1b597fc4b52ab4ef37f83169bff52ba612a6e08c023cc09e95ebd60c9bef3e14c101359886cf238f2b353080e21f72d9e2629f1d74f39ca1654f1cac72268b
-
SSDEEP
6144:Hqcarkid+vrXiZUttf5UcXBU9rPrQccAQ1j5jyV:H27d+vbDt55hxU9cV1FO
Malware Config
Extracted
vidar
55.9
1686
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
-
profile_id
1686
Targets
-
-
Target
6eaa17442216edf6c184c03e3b7468922c1b6d59fbf419f811552e2e86e0bcfe
-
Size
363KB
-
MD5
2c6a7dd531dca8b94a903922e97a20b9
-
SHA1
b92e8db84095e64032683dcdece17b74a8710935
-
SHA256
6eaa17442216edf6c184c03e3b7468922c1b6d59fbf419f811552e2e86e0bcfe
-
SHA512
b5a1082addb0456784c482afc2cacfd26e3629783d0089769373454652170af325c07a6eb7241ca3b68bdd15862e215e54ed79476af5863959f3f10073a94463
-
SSDEEP
6144:09YKQWhi9vfPLBmS84QZf4K+wywPIC9jurWDwgv+u1Kc:GTitHv84mfx+wypIqrWfQ
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-