General

  • Target

    Ex_PE_v3.1.9.rar

  • Size

    2.9MB

  • Sample

    240218-m5q8hahf96

  • MD5

    948c008a4a732a37a2e66fc50da0946a

  • SHA1

    b1f6fd65f910118b7046f2930a4b77d682631bbb

  • SHA256

    04ec8be17e718e7df090dcd4c8297859c64e3b30738c099809895dca50ad7b11

  • SHA512

    9021333a8268d4d158beb9f5e51b12dbe5a7ac90cce95a8f6165364ed010c56bd8fc613606bba1773b388650a98a3579ebdb4d3a5d56384a7e19b058de169876

  • SSDEEP

    49152:d4EJqKNTvjjQL5shj//YeBQSIIb05bBJJgr081nmQLQlUEDTU0wVhzvZ28+1p189:6ElNTvMGigQSII45Vgr0kn30eEDAVD2i

Malware Config

Extracted

  • Family

    vidar

  • Version

    7.8

  • Botnet

    11517b89b590a0507ebc843bd239d1e5

  • C2

    https://t.me/karl3on

    https://steamcommunity.com/profiles/76561199637071579

Attributes

  • profile_id_v2

    11517b89b590a0507ebc843bd239d1e5

  • user_agent

    Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets

    • Target

      Sft_Extra.exe

    • Size

      1.1MB

    • MD5

      f975a2d83d63a473fa2fc5206b66bb79

    • SHA1

      e49d21f112ab27ae0953aff30ae122440cf164b9

    • SHA256

      6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8

    • SHA512

      4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64

    • SSDEEP

      12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext
