General

  • Target

    build2.exe

  • Size

    342KB

  • Sample

    240330-nb36msdg7t

  • MD5

    26544ec9adc1864de80222fb0b38e6dc

  • SHA1

    2ca52374bb468a8e2c10d39b64d1e4e9d7d0adee

  • SHA256

    03b38ccf2c3145839d5ea7c5ccec609de3a67a7e435e94ca05c8c080d9df4411

  • SHA512

    f7eb99db8eb4df15ac252bd4523a407b32089d22c435303499bc3813ecdf1ffbc8483417bb97e901fba3e3f36c6e9e47eb30fa78b7c461d3f78f5d5899fae730

  • SSDEEP

    3072:O+y2XhibQ/qRoIuNnxksieFNPYX+kYr/fGCqmAgma5Vn4T3+HmmcgPjxnWfH:OeaQ/q1Q+siiXX3usArNglWf

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.4

  • Botnet

    95002d0a9d65ffced363a8f35f42a529

  • C2

    https://steamcommunity.com/profiles/76561199654112719

    https://t.me/r2d0s

Attributes

  • profile_id_v2

    95002d0a9d65ffced363a8f35f42a529

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0

Targets

    • Target

      build2.exe

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks