General

  • Target

    3c8861781bc5c16b4490863e238c5dc72fbe6586a1ee36df8989e7993a9c46b3.exe

  • Size

    15MB

  • Sample

    231202-k6zvxsbb3y

  • MD5

    31ddb76cee6b27419e729bdc4b60428e

  • SHA1

    e7172ca1040c2afa6ba4d995af34de91439b7f8a

  • SHA256

    3c8861781bc5c16b4490863e238c5dc72fbe6586a1ee36df8989e7993a9c46b3

  • SHA512

    835dfa62b68589bffaf6ef7d02c2ea5883b970f8c4750b6ed51f3e328cf3f367840d1d667b91e366073a099f6ccce71087525eafd9cf71575ea98c3f03e0d6e4

  • SSDEEP

    393216:Ej3iUkEPE1GHoujdy1JbCVwqusx0M69g52Lm+Sk7Nl:amEs1bujM0WexK9tmov

Malware Config

Extracted

Family

vidar

Version

6.3

Botnet

99e0d5086493a95a748eebca81c70094

C2

https://steamcommunity.com/profiles/76561199566884947

https://t.me/octobrains

Attributes
  • profile_id_v2

    99e0d5086493a95a748eebca81c70094

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:110.0) Gecko/20100101 Firefox/119.0

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

  • Modify Registry (T1112): 1

Tasks