General

  • Target: SSP-trimmed.zip
  • Size: 6.3MB
  • Sample: 231204-gxhnhahd45
  • MD5: 0e6d14819e4394656399b0c4bc3ce504
  • SHA1: b37bf3756a6185a446417c8bcd17e8e5ee0d0fcb
  • SHA256: d3c7e8a537c7024b13b91a405d278599ad649a469abce76abb4b9c1ea90e5150
  • SHA512: 4dd9a717d3b49eaf118f9d5457906f919e50f8915b2a3eff38c2802c0d91bb75556f47db01bf70cf6ade3c45a66997ebea009398bf38cd37ff4ff668c8f65599
  • SSDEEP: 196608:3ZeTc+6l82ka6EyhcQbo5UKjbAha5pmrY:3WJ6l82SEQboe2KYd

Malware Config

Extracted

  • Family: vidar
  • Version: 5.3
  • Botnet: f7893b40d11fea7da4c9eb28d53aaede
  • C2:
    https://steamcommunity.com/profiles/76561199544211655
    http://5.42.79.33:80
    https://t.me/vookihhfds
    https://t.me/buukcay
  • Attributes
    • profile_id_v2: f7893b40d11fea7da4c9eb28d53aaede

Targets

    • Target: SSP-trimmed.exe
    • Size: 6.4MB
    • MD5: 35cdde5c79724438f5ed1f960048cfde
    • SHA1: 1e0d0823c9ca06e67365b63d679bb0d20427a456
    • SHA256: 680d4f250afaf0588cd948256dd685fadf93132244ae4af4cae058065c41abe5
    • SHA512: 9bf99c076b8f682bb6c80723ab7fc9aa57f1a0f2ce61a3fe63417dc67bc3c415f64ac751d8d7f141730f44dfae4e0e4f5d24a285c84c0f600706ee3761fc4f10
    • SSDEEP: 196608:Uth6DSxeWtalCT6FViTKWxdXbkRQVkqiewdqAv+:UtWsJ8lCT6Fo7BYyVkTewF2

    • Vidar: Vidar is an infostealer based on the Arkei stealer.
    • VMProtect packed file: Detects executables packed with the VMProtect commercial packer.

MITRE ATT&CK Enterprise v15
