General
-
Target
vdr.exe
-
Size
1.1MB
-
Sample
230319-bzmscagd8z
-
MD5
2217ee9707ae2b8c5798935eff36902e
-
SHA1
7751f7ce4f3e2d2d7aafa298d48408758482d26d
-
SHA256
ea9340574989e4082b2056d8eee9c80c35bdff64c2609dd2e4c7311d5bbab698
-
SHA512
d8006161b01e11cf741123c60cc52e8b7095de862dacbeb5eb0d4cabbfe43d97161ef72433a2cbe97052e6f7b7cf33813794caa9fafdff0c5be888a01a4d93ab
-
SSDEEP
24576:Ozvhbkfiq1URLTdRy6PFFqtj9eKlG/HTZOJrILl:u5bkiq1Upr2tj9XlGERAl
Malware Config
Extracted
vidar
3
3952bbf0d90985abbacaa568c51913e2
https://t.me/zaskullz
https://steamcommunity.com/profiles/76561199486572327
http://135.181.87.234:80
-
profile_id_v2
3952bbf0d90985abbacaa568c51913e2
Targets
-
-
Target
vdr.exe
-
Size
1.1MB
-
MD5
2217ee9707ae2b8c5798935eff36902e
-
SHA1
7751f7ce4f3e2d2d7aafa298d48408758482d26d
-
SHA256
ea9340574989e4082b2056d8eee9c80c35bdff64c2609dd2e4c7311d5bbab698
-
SHA512
d8006161b01e11cf741123c60cc52e8b7095de862dacbeb5eb0d4cabbfe43d97161ef72433a2cbe97052e6f7b7cf33813794caa9fafdff0c5be888a01a4d93ab
-
SSDEEP
24576:Ozvhbkfiq1URLTdRy6PFFqtj9eKlG/HTZOJrILl:u5bkiq1Upr2tj9XlGERAl
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-