General

  • Target

    b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd.zip

  • Size

    239KB

  • Sample

    240402-msnlvafe8s

  • MD5

    bbb93a325cacb0b3fa4520f21dcb3033

  • SHA1

    10df615039dc9d33805c69bc44bf78c3b56df849

  • SHA256

    4f15041b7d354ed79da5f151cda59a6ac1e689b69936a84e4271717bdb93adef

  • SHA512

    e4fd7c7b4e725015d9e5f39fa6702379e0bf49e35b4ac8605b13c8a69294b2ba049e7c165c165e8cae5998cd427ebebded8694742bfe0fbde74547c685a3abdd

  • SSDEEP

    6144:yUiASK68E7WCwgQAs3aqKtx1PGlBAEwWBRLMunwf:yhAN68hgQhJKn1624Rw

Malware Config

Extracted

Family

vidar

Version

8.6

Botnet

debff3f4f38e9beeaf8e215a762c8549

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes
  • profile_id_v2

    debff3f4f38e9beeaf8e215a762c8549

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
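The two entries listed under C2 are not where this sample reports; Vidar uses public Steam profiles and Telegram channels as dead-drop resolvers and reads the real C2 address out of the fetched page. The Python below is an added example, not part of this report and not Vidar's own code. It shows both sides of that mechanism: how a C2 address would be pulled out of a Steam profile or Telegram channel page, and how the lookup itself can be hunted in proxy logs using the process name and the macOS Chrome user-agent from this report (a Mac user-agent leaving a Windows host is the tell). The HTML markers, the key=value log format and the page contents are constructed assumptions drawn from public Vidar write-ups, not from this page.

```python
import re
from html import unescape
from urllib.parse import urlparse

# --- 1. What the stealer does with the two "C2" URLs in its config ----------
# The exact HTML markers are an assumption taken from public Vidar write-ups,
# not from this report: the C2 is hidden in the Steam persona name or the
# Telegram channel description.
DEAD_DROP_MARKERS = {
    "steamcommunity.com": re.compile(
        r'<span class="actual_persona_name">(.*?)</span>', re.S),
    "t.me": re.compile(
        r'<div class="tgme_page_description"[^>]*>(.*?)</div>', re.S),
}
C2_URL_RE = re.compile(r'https?://[0-9A-Za-z.\-]+(?::\d{1,5})?(?:/[^\s|<"]*)?')

# Constructed pages standing in for what the malware would download.
STEAM_PROFILE_HTML = (
    '<html><body><div class="profile_header">'
    '<span class="actual_persona_name">http://203.0.113.10:80|</span>'
    '</div></body></html>'
)
TELEGRAM_CHANNEL_HTML = (
    '<html><body><div class="tgme_page_description">'
    'sa9ok|http://198.51.100.7/</div></body></html>'
)


def extract_dead_drop_c2(resolver_url: str, page_html: str) -> list[str]:
    """Return C2 URLs hidden in a fetched dead-drop page (empty if none)."""
    host = urlparse(resolver_url).hostname or ""
    marker = DEAD_DROP_MARKERS.get(host)
    if marker is None:
        raise ValueError(f"no dead-drop marker known for {host!r}")
    match = marker.search(page_html)
    if not match:
        return []
    field = unescape(match.group(1)).strip()
    found = []
    for url in C2_URL_RE.findall(field):
        c2_host = urlparse(url).hostname or ""
        # The hidden address must point away from the resolver itself.
        if c2_host and c2_host not in DEAD_DROP_MARKERS:
            found.append(url)
    return found


# --- 2. Hunting the lookup in proxy logs ------------------------------------
# Hypothetical key=value proxy log lines (constructed). The process name and
# the macOS Chrome user-agent are the ones from this report.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
DEAD_DROP_URL_RE = re.compile(
    r'^https://(?:steamcommunity\.com/profiles/\d{17}|t\.me/[A-Za-z0-9_]+)/?$')
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
MAC_UA = ('Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 '
          '(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36')
WIN_UA = ('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
          '(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36')
SAMPLE_EXE = 'b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd.exe'

PROXY_LOG = [
    f'ts=2024-04-02T12:00:01Z host=WS-0412 os=windows proc=chrome.exe '
    f'url=https://steamcommunity.com/profiles/76561199658817715 ua="{WIN_UA}"',
    f'ts=2024-04-02T12:00:07Z host=WS-0412 os=windows proc={SAMPLE_EXE} '
    f'url=https://steamcommunity.com/profiles/76561199658817715 ua="{MAC_UA}"',
    f'ts=2024-04-02T12:00:08Z host=WS-0412 os=windows proc={SAMPLE_EXE} '
    f'url=https://t.me/sa9ok ua="{MAC_UA}"',
    f'ts=2024-04-02T12:00:09Z host=WS-0412 os=windows proc=outlook.exe '
    f'url=https://outlook.office365.com/owa/ ua="{WIN_UA}"',
]


def parse_log_line(line: str) -> dict[str, str]:
    """Split a key=value line; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def hunt_dead_drop_lookups(lines):
    """Flag dead-drop resolver fetches that do not look like a real browser."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        url = rec.get("url", "")
        if not DEAD_DROP_URL_RE.match(url):
            continue  # not a Steam profile / Telegram channel page
        reasons = []
        if rec.get("proc", "").lower() not in BROWSERS:
            reasons.append("non-browser process")
        if rec.get("os") == "windows" and "Macintosh" in rec.get("ua", ""):
            reasons.append("macOS user-agent from a Windows host")
        if reasons:
            hits.append((rec.get("proc", ""), url, reasons))
    return hits


if __name__ == "__main__":
    print(extract_dead_drop_c2(
        "https://steamcommunity.com/profiles/76561199658817715", STEAM_PROFILE_HTML))
    print(extract_dead_drop_c2("https://t.me/sa9ok", TELEGRAM_CHANNEL_HTML))
    for proc, url, reasons in hunt_dead_drop_lookups(PROXY_LOG):
        print(proc, url, "; ".join(reasons))
```

A genuine browser visit to the same Steam profile (first log line) is deliberately not flagged: the value of the rule is the combination of the resolver URL with a non-browser process or a mismatched user-agent, not the URL alone. Blocking steamcommunity.com and t.me breaks the lookup but leaves the real C2 untouched, so the extracted address is the indicator worth blocking.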

Targets

    • Target

      b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd.exe

    • Size

      278KB

    • MD5

      b6bbb03b84e589433f139d88ca24c62d

    • SHA1

      2eeeed07176de200eaf5bc207852781ddc5da2b5

    • SHA256

      b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd

    • SHA512

      09075709691b8fba668184b2469c5bdc7174bcb3e16de2d046bf7abff6257f941e36d2a28db2e42b88807e1ba3c15165875fb82485c621d60f9001bed62ee4de

    • SSDEEP

      6144:5ok6GPg9b2t0eQnQqRRtf3G82ed6JcVsk:5D6GPg9b2t5+jRtfJdJB

    • Detect Vidar Stealer

    • Vidar

      Vidar is an information stealer derived from Arkei. The two URLs listed under C2 are dead-drop resolvers rather than the real C2: the sample fetches the public Steam profile and Telegram channel page and reads the actual C2 address out of it at runtime, so those URLs are lookup indicators and blocking them alone does not cover the real C2.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the usual final step of process hollowing and similar injection (write the payload, point the thread at its entry, resume); this report does not identify the target process.
