General

  • Target

    34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa.exe

  • Size

    11MB

  • Sample

    231202-lexf6abd62

  • MD5

    98a0bf4af1e1e9a69bddee4421e1772d

  • SHA1

    38c9160650423557c000b624dc5764c7e593b6e2

  • SHA256

    34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa

  • SHA512

    57e5311bc68b22f59029129ed8a11b6e604e908eba60bc4548604011eee2465ffee5748157d78377c796bb6a2e019cd9018f84f4fc610a45255ee4729f1797dc

  • SSDEEP

    196608:Z0OHLe9/L+y5ugST2ZHZIXt/D7awIyOmAJuA4PZPc2iVXLy0LY7tvRo:K39/Cy5ugPnIFb37AJ+Nc2ikQGo

Malware Config

Extracted

Family

vidar

Version

6.5

Botnet

ff0f5173b378c3dde7c3c6e3ae14c3a6

C2

https://t.me/starcofeeth

https://steamcommunity.com/profiles/76561199571056594

Attributes

  • profile_id_v2

    ff0f5173b378c3dde7c3c6e3ae14c3a6

  • user_agent

    Mozilla/5.0 (X11; CrOS x86_64 15329.59.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Targets

    • Target

      34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa.exe

    • Size

      11MB

    • MD5

      98a0bf4af1e1e9a69bddee4421e1772d

    • SHA1

      38c9160650423557c000b624dc5764c7e593b6e2

    • SHA256

      34318cdef0cad69ba0ba6f68b42fdd5c581abdbc4feceeab73bc13c56840e7fa

    • SHA512

      57e5311bc68b22f59029129ed8a11b6e604e908eba60bc4548604011eee2465ffee5748157d78377c796bb6a2e019cd9018f84f4fc610a45255ee4729f1797dc

    • SSDEEP

      196608:Z0OHLe9/L+y5ugST2ZHZIXt/D7awIyOmAJuA4PZPc2iVXLy0LY7tvRo:K39/Cy5ugPnIFb37AJ+Nc2ikQGo

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

  Tactic             Technique                      Count  ID
  Credential Access  Unsecured Credentials          1      T1552
  Credential Access  Credentials In Files           1      T1552.001
  Discovery          Query Registry                 2      T1012
  Discovery          System Information Discovery   2      T1082
  Collection         Data from Local System         1      T1005

Tasks