General
Target: file.exe
Size: 4.4MB
Sample: 230528-t78nwsff56
MD5: 4c1bbe87ee4ab42478c8d11e5bb42ebf
SHA1: 01911b9c7b596872d3bf53cd6924c7f917799d90
SHA256: c9e867da8945ace03fffb15fb6c8b73e556131b3e7ceb652ec2f3e36bc26ca66
SHA512: 37ed30c05f2a73d52980a17d3e4c282c623e6c471ff5ebf0567283f900c2fbfae56e6b9faad435dc9d80e4e2748b2e271a60bc544352733449f6ed129e5d48eb
SSDEEP: 98304:mKVgqRNSUVpJgLtclkBCY+2vE79BjrQ/L9nV/7mLY3B31Vs3P3fOj:mZ2NSiJcculwTExV/7p3
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: vidar
4
bf57fe2fae2974604afc18ab750c7063
https://steamcommunity.com/profiles/76561199508624021
https://t.me/looking_glassbot
profile_id_v2: bf57fe2fae2974604afc18ab750c7063
user_agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Targets
Target: file.exe
Size: 4.4MB
MD5: 4c1bbe87ee4ab42478c8d11e5bb42ebf
SHA1: 01911b9c7b596872d3bf53cd6924c7f917799d90
SHA256: c9e867da8945ace03fffb15fb6c8b73e556131b3e7ceb652ec2f3e36bc26ca66
SHA512: 37ed30c05f2a73d52980a17d3e4c282c623e6c471ff5ebf0567283f900c2fbfae56e6b9faad435dc9d80e4e2748b2e271a60bc544352733449f6ed129e5d48eb
SSDEEP: 98304:mKVgqRNSUVpJgLtclkBCY+2vE79BjrQ/L9nV/7mLY3B31Vs3P3fOj:mZ2NSiJcculwTExV/7p3
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.