General
-
Target
b1e5a8d601ddf099e3e25c1cc2e2c65f471002dbdd4df1241ac5d014f163cd25.exe
-
Size
354KB
-
Sample
240320-c265fafd7w
-
MD5
537c811241dd180a6c950d208520c6a5
-
SHA1
748d1a1c07b106f065b0c1691ad88bed2a14233f
-
SHA256
b1e5a8d601ddf099e3e25c1cc2e2c65f471002dbdd4df1241ac5d014f163cd25
-
SHA512
1e5b2e96e1369c9cc749615e346718b6e061ce91ba7cd9d241f5c2a391bb3be0a7b89d975a5955a426d6a778ccd361f4eff7e6e1292ec1df43620f764d5fdf37
-
SSDEEP
6144:7ntVu+z4DpPFPdv1PgQBvnsKghTzHEWG5EHLxy+AE:7Z8nPdvlIDHLxy
Malware Config
Extracted
vidar
8.4
4cf8d799a3641f9821e54be56c960e28
https://steamcommunity.com/profiles/76561199654112719
https://t.me/r2d0s
-
profile_id_v2
4cf8d799a3641f9821e54be56c960e28
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0
Targets
-
-
Target
b1e5a8d601ddf099e3e25c1cc2e2c65f471002dbdd4df1241ac5d014f163cd25.exe
-
Size
354KB
-
MD5
537c811241dd180a6c950d208520c6a5
-
SHA1
748d1a1c07b106f065b0c1691ad88bed2a14233f
-
SHA256
b1e5a8d601ddf099e3e25c1cc2e2c65f471002dbdd4df1241ac5d014f163cd25
-
SHA512
1e5b2e96e1369c9cc749615e346718b6e061ce91ba7cd9d241f5c2a391bb3be0a7b89d975a5955a426d6a778ccd361f4eff7e6e1292ec1df43620f764d5fdf37
-
SSDEEP
6144:7ntVu+z4DpPFPdv1PgQBvnsKghTzHEWG5EHLxy+AE:7Z8nPdvlIDHLxy
Score10/10-
Detect Vidar Stealer
-
Detect ZGRat V1
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Suspicious use of SetThreadContext
-