General
-
Target
afce72cd3bc717c784962083066e3ede2b0aaadbe0908ec7360096c923774fa5.exe
-
Size
277KB
-
Sample
240329-c272qsfe5z
-
MD5
8dae8b6a6be6e3527183594d1c26a2d3
-
SHA1
b87e40cee60869a36e79c88c8a3a34baf0bc4889
-
SHA256
afce72cd3bc717c784962083066e3ede2b0aaadbe0908ec7360096c923774fa5
-
SHA512
0bf065700db647efba39a13a58242a595907e6c11885575cf0bdad9e23ab40583c8a6535464e46d75d075e20d88b7a6305a761df9da787fdc8728483dd48f96e
-
SSDEEP
6144:GtcSsUDC2OZuhYRQqPY3x/OKV/LYZsTZgzENh+a1:TSsUO2cuhY1m/VYZsI
Malware Config
Extracted
vidar
8.6
5739ef2bbcd39fcd59c5746bfe4238c5
https://steamcommunity.com/profiles/76561199658817715
https://t.me/sa9ok
-
profile_id_v2
5739ef2bbcd39fcd59c5746bfe4238c5
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Targets
-
-
Target
afce72cd3bc717c784962083066e3ede2b0aaadbe0908ec7360096c923774fa5.exe
-
Size
277KB
-
MD5
8dae8b6a6be6e3527183594d1c26a2d3
-
SHA1
b87e40cee60869a36e79c88c8a3a34baf0bc4889
-
SHA256
afce72cd3bc717c784962083066e3ede2b0aaadbe0908ec7360096c923774fa5
-
SHA512
0bf065700db647efba39a13a58242a595907e6c11885575cf0bdad9e23ab40583c8a6535464e46d75d075e20d88b7a6305a761df9da787fdc8728483dd48f96e
-
SSDEEP
6144:GtcSsUDC2OZuhYRQqPY3x/OKV/LYZsTZgzENh+a1:TSsUO2cuhY1m/VYZsI
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Suspicious use of SetThreadContext
-