General

  • Target

    75180fd965656b7048588cd12af109fad8fb20e0c3d7290484b6013a403ed2ed.zip

  • Size

    236KB

  • Sample

    240402-msm1bafe7y

  • MD5

    5ab6a7290644acc9ad4e2cf85d8bcda2

  • SHA1

    442975e0be129a80d67741e7a3d2c7126c12dd7f

  • SHA256

    5828e69a8e8467abfe398af3e655710905c4ed08c1d5f1418cc1a83c9500c989

  • SHA512

    7c932693dc04051cc07cbf867131385cbae0816729201c4455d6e43bc4c9ff3bab1d0ee4da563d3f046873b30808c41795fcd96bacfe7fc78a011ee0c1ebc87a

  • SSDEEP

    6144:427nd702bRQ+KggqEKVfjAi/xYQDgSZEUlRbhu0KtWVO+Hx:4IdfbKgkijAYKzLUrc0KtHKx

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.6

  • Botnet

    debff3f4f38e9beeaf8e215a762c8549

  • C2

    https://steamcommunity.com/profiles/76561199658817715

    https://t.me/sa9ok

    Both entries are dead-drop resolvers, not the operational command-and-control host. Vidar requests the public Steam profile and Telegram channel pages and reads the real C2 address out of the displayed profile name / channel description, which lets the operator rotate the back-end server without rebuilding the sample. Treat the profile ID and channel name as indicators, but expect the address they resolve to at any given time to change.

Attributes
  • profile_id_v2

    debff3f4f38e9beeaf8e215a762c8549

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

    This is the User-Agent the sample sends on its own HTTP requests. A Windows host emitting a Macintosh/Chrome 122 User-Agent towards steamcommunity.com or t.me is a usable network-detection pivot for this build.
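The following is an added example, not part of the sandbox report or of Vidar itself, showing how an analyst can turn the two resolver URLs above into the current C2 address. It parses the resolver page the way public write-ups describe Vidar's loader doing it (the Steam `actual_persona_name` span and the Telegram `tgme_page_description` div are assumptions drawn from those write-ups, not from this sample's code), and the HTML pages it runs against are constructed stand-ins, not captures of the live profile or channel. The User-Agent string is the one from the extracted config.

```python
import html
import re
import urllib.request
from typing import List, Optional
from urllib.parse import urlparse

# Resolver URLs from this sample's extracted config.
DEAD_DROPS = [
    "https://steamcommunity.com/profiles/76561199658817715",
    "https://t.me/sa9ok",
]

# User-Agent from the extracted config (what the sample sends when it
# fetches the resolver pages).
USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
)

# ASSUMPTION: the display fields Vidar reads are the Steam persona-name span
# and the Telegram channel description. Taken from public analyses, not from
# this sample; adjust if the loader you are looking at uses other markers.
_STEAM_FIELD = re.compile(r'<span class="actual_persona_name">(.*?)</span>', re.S)
_TG_FIELD = re.compile(r'<div class="tgme_page_description[^"]*">(.*?)</div>', re.S)
_URL = re.compile(r'https?://[^\s<>"\']+')


def extract_display_field(page_html: str, resolver_url: str) -> Optional[str]:
    """Return the text of the display field that carries the C2, or None."""
    host = (urlparse(resolver_url).hostname or "").lower()
    if host.endswith("steamcommunity.com"):
        match = _STEAM_FIELD.search(page_html)
    elif host in ("t.me", "telegram.me"):
        match = _TG_FIELD.search(page_html)
    else:
        return None  # not a resolver type this sample uses
    if match is None:
        return None
    text = re.sub(r"<[^>]+>", "", match.group(1))  # drop nested tags
    return html.unescape(text).strip()


def resolve_c2(page_html: str, resolver_url: str) -> List[str]:
    """URLs embedded in the resolver page's display field (empty if none)."""
    field = extract_display_field(page_html, resolver_url)
    if field is None:
        return []
    seen: List[str] = []
    for url in _URL.findall(field):
        if url not in seen:
            seen.append(url)
    return seen


def c2_hosts(page_html: str, resolver_url: str) -> List[str]:
    """Just the host[:port] part of each resolved URL, for blocklisting."""
    return [urlparse(u).netloc for u in resolve_c2(page_html, resolver_url)]


def fetch_resolver(resolver_url: str, timeout: float = 10.0) -> str:
    """Fetch a resolver page with the sample's User-Agent (network access;
    not exercised by the offline demo below)."""
    req = urllib.request.Request(resolver_url, headers={"User-Agent": USER_AGENT})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed stand-in pages; the addresses are documentation ranges.
SAMPLE_STEAM_HTML = """<html><body>
<div class="profile_header">
  <span class="actual_persona_name">https://203.0.113.10:80/</span>
</div></body></html>"""

SAMPLE_TG_HTML = """<html><body>
<div class="tgme_page_description">https://198.51.100.7/ Channel for updates</div>
</body></html>"""


if __name__ == "__main__":
    for resolver, page in ((DEAD_DROPS[0], SAMPLE_STEAM_HTML),
                           (DEAD_DROPS[1], SAMPLE_TG_HTML)):
        print(resolver, "->", resolve_c2(page, resolver))
```

Re-run `fetch_resolver` against the two resolver URLs periodically and diff the results: the profile ID and channel name stay constant while the operator rotates the address behind them, so the resolved host is the indicator that goes stale, not the resolver.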

Targets

    • Target

      75180fd965656b7048588cd12af109fad8fb20e0c3d7290484b6013a403ed2ed.exe

    • Size

      272KB

    • MD5

      1e44a9d7a7f85b68bc7827e5f2ad4ddc

    • SHA1

      b87a5e317bebb6ea44c025e9bec1da1912789fd3

    • SHA256

      75180fd965656b7048588cd12af109fad8fb20e0c3d7290484b6013a403ed2ed

    • SHA512

      2beeac0b1e2f566f5d6f91a49fb0d54702e11fff9d7a6b27b9cf1b6180e4236d3edf87f0e6387ef1ad6de05a6db1031f1bd980fda66d86fd43e4421c35f136dd

    • SSDEEP

      6144:0CdjbqI4G8iHCOBO55wW9PKNQLcQKfi9fTNCpo:9n4G5HbBUwW9P0yHIorNCW

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

      SetThreadContext applied to another process's thread is the usual final step of process hollowing or thread hijacking: the packer starts a benign process suspended, writes the decoded Vidar payload into it, then redirects the thread's entry point. The stealer logic and its resolver traffic may therefore appear under a process other than the dropped .exe named above.

MITRE ATT&CK Matrix

Tasks