General

  • Target

    194234e48c362f1bf3be6d02c5b380bfc900a2cf7911a1fc658a5a2ec0d0164f

  • Size

    4.6MB

  • Sample

    240401-ffbcesdh3v

  • MD5

    0c2d303852f827c4852bf46550ea2ed8

  • SHA1

    7bb54cb67135bbb94d8a26356f3d1e170a71a1a7

  • SHA256

    194234e48c362f1bf3be6d02c5b380bfc900a2cf7911a1fc658a5a2ec0d0164f

  • SHA512

    c2ab4c4a4bcfd4f9f350e946a08a9be3ded6741ac3981a977c52331a403488b4f224c7f0b01d24af3e351e532b3c3cdeedfe356785e5858411c80793fb3ca307

  • SSDEEP

    49152:/O7+j8UTGHTmC09b2hAgvl83HRCDd4MgUleSjtriGvPZ9sUoUbuydknSige833K:/O7+j8v70hmleSjFi0Z9sUoUbKSi18

Malware Config

Extracted

Family

vidar

Version

8.6

Botnet

22d12fb91f01647fe2107fec81f0cc22

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes
  • profile_id_v2

    22d12fb91f01647fe2107fec81f0cc22

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
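The two C2 entries above are not the stealer's real command server but public profile pages used as dead drops: the binary fetches the page and reads the actual C2 address out of a profile field, which lets the operator rotate infrastructure without re-building the sample. The following Python is an added example, not code from the report or from the Vidar authors, showing how an analyst can turn this config into two checks: a dead-drop resolver run over fetched page text, and a proxy-log filter that flags the dead-drop URLs and the config's macOS Chrome user-agent when it comes from a non-macOS host. Which profile field carries the address and how it is encoded vary between builds, so the field patterns, the `|`-suffixed address format, the page snippets, the RFC 5737 placeholder C2 addresses and the proxy-log format are all constructed assumptions.

```python
"""Dead-drop resolver and proxy-log check built from the extracted Vidar
config.  Page snippets, C2 addresses and log lines are constructed here
(placeholders), not observations from the report."""
import re
from urllib.parse import urlparse

# Values taken from the extracted config.
DEAD_DROPS = [
    "https://steamcommunity.com/profiles/76561199658817715",
    "https://t.me/sa9ok",
]
USER_AGENT = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36")

# Assumption: the real C2 sits in the Steam persona name / Telegram channel
# description.  Field names, the trailing "|" and the addresses are placeholders.
STEAM_PAGE = """<html><body>
<span class="actual_persona_name">198.51.100.7:80|</span>
</body></html>"""
TELEGRAM_PAGE = """<html><head>
<meta property="og:description" content="https://203.0.113.9/">
</head></html>"""

FIELD_RES = {
    "steamcommunity.com": re.compile(r'class="actual_persona_name">([^<]+)<'),
    "t.me": re.compile(r'property="og:description" content="([^"]+)"'),
}
# IPv4 with optional scheme and port; the dead-drop text may carry a suffix.
ADDR_RE = re.compile(r"(?:https?://)?\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?")


def resolve_dead_drop(url, page_html):
    """Return the C2 address embedded in a fetched dead-drop page, or None."""
    host = urlparse(url).hostname or ""
    field_re = FIELD_RES.get(host)
    if field_re is None:
        return None
    field = field_re.search(page_html)
    if not field:
        return None
    addr = ADDR_RE.search(field.group(1))
    return addr.group(0) if addr else None


# Constructed proxy log: timestamp client_ip client_os url "user-agent".
# The client OS is assumed to come from an asset inventory join.
PROXY_LOG = [
    f'2024-04-01T10:00:01Z 10.0.0.5 Windows {DEAD_DROPS[0]} "{USER_AGENT}"',
    f'2024-04-01T10:00:02Z 10.0.0.9 macOS https://www.example.org/ "{USER_AGENT}"',
    f'2024-04-01T10:00:03Z 10.0.0.7 Windows {DEAD_DROPS[1]} '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0.0.0 Safari/537.36"',
    '2024-04-01T10:00:04Z 10.0.0.8 Windows https://www.example.org/ '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0.0.0 Safari/537.36"',
]
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def flag_proxy_lines(lines, dead_drops=DEAD_DROPS, agent=USER_AGENT):
    """Return (client_ip, reasons) for lines matching the config's indicators.

    A bare user-agent match is deliberately not a reason: the string is a
    plausible real Mac browser, so it only counts when the host is not macOS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, client_os, url, ua = m.groups()
        reasons = []
        if url in dead_drops:
            reasons.append("dead-drop url")
        if ua == agent and client_os != "macOS":
            reasons.append("config user-agent from non-macOS host")
        if reasons:
            hits.append((client, reasons))
    return hits


if __name__ == "__main__":
    for url, page in ((DEAD_DROPS[0], STEAM_PAGE), (DEAD_DROPS[1], TELEGRAM_PAGE)):
        print(url, "->", resolve_dead_drop(url, page))
    for client, reasons in flag_proxy_lines(PROXY_LOG):
        print(client, ", ".join(reasons))
```

Block or alert on the exact profile paths rather than on steamcommunity.com or t.me as a whole, and expect the resolved address to change: the dead-drop page is the durable indicator, the C2 behind it is not. The user-agent is only useful in combination with host context, since it is an ordinary Chrome-on-macOS string.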

Targets

    • Target

      194234e48c362f1bf3be6d02c5b380bfc900a2cf7911a1fc658a5a2ec0d0164f

    • Size

      4.6MB

    • MD5

      0c2d303852f827c4852bf46550ea2ed8

    • SHA1

      7bb54cb67135bbb94d8a26356f3d1e170a71a1a7

    • SHA256

      194234e48c362f1bf3be6d02c5b380bfc900a2cf7911a1fc658a5a2ec0d0164f

    • SHA512

      c2ab4c4a4bcfd4f9f350e946a08a9be3ded6741ac3981a977c52331a403488b4f224c7f0b01d24af3e351e532b3c3cdeedfe356785e5858411c80793fb3ca307

    • SSDEEP

      49152:/O7+j8UTGHTmC09b2hAgvl83HRCDd4MgUleSjtriGvPZ9sUoUbuydknSige833K:/O7+j8v70hmleSjFi0Z9sUoUbKSi18

    • Detect Vidar Stealer

    • Vidar

Vidar is an information stealer derived from the Arkei stealer.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
