General

  • Target

    691b46c7437376eb222b6223d1509e58dae34ca40b6e02db37e9690ea97d1431.zip

  • Size

    2.7MB

  • Sample

    240402-qgnz1sba21

  • MD5

    e2914dcfba9b61735393b999a138e241

  • SHA1

    cb46bcee42cba2217be72b5c7b9d722b262ba5ea

  • SHA256

    8e0de9176de54fa7e92f018bfcd726efdc2cd0341016127f14b37056cf49296b

  • SHA512

    336faace772b1ef86b5fa26282ec6c0a69a2b22d6b06201f3f18007c9f149297bcaee05673ccdf117648ab9bc3080c857948b324674f9ffd3439526487c820be

  • SSDEEP

    49152:CDSKGjzrb4C40q9PNo43BlbcbfD/s/OUAZDVzKq4TuXZCtg4rgHJROuqaNqNmxL4:CDSKGjn8J0AXWkOUAZDV+qkuMaQNmxL4

Malware Config

Extracted

Family

vidar

Version

8.6

Botnet

22d12fb91f01647fe2107fec81f0cc22

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes
  • profile_id_v2

    22d12fb91f01647fe2107fec81f0cc22

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
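Two things in the extracted config are directly usable for hunting: the C2 entries are not attacker servers but dead-drop resolvers on legitimate services (a Steam profile and a Telegram channel), and the hard-coded user agent claims macOS while the payload is a Windows executable. The following added example (written for this page, not code from the sandbox or from Vidar) scans proxy-style log lines for the exact IOCs above and, more generally, for requests to Steam profile or t.me pages where the user agent's OS disagrees with the asset inventory's OS for the source host. The log format, the asset inventory, the `ua_os` heuristic and the sample lines are all constructed for the example.

```python
import re
from dataclasses import dataclass

# IOCs taken from the extracted Vidar config on this page.
C2_URLS = {
    "https://steamcommunity.com/profiles/76561199658817715",
    "https://t.me/sa9ok",
}
USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
)

# Hosts used as dead-drop resolvers. A request here is legitimate on its own;
# it only becomes interesting together with other context (assumption: tune per environment).
DEAD_DROP_HOST_RE = re.compile(r"^https?://(steamcommunity\.com/profiles/|t\.me/)")

# Constructed proxy log, one "src_ip<TAB>url<TAB>user_agent" record per line (not from the report).
SAMPLE_LOG = """\
10.0.0.5\thttps://steamcommunity.com/profiles/76561199658817715\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
10.0.0.7\thttps://steamcommunity.com/profiles/1234\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
10.0.0.9\thttps://t.me/somechannel\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
10.0.0.11\thttps://example.com/\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
10.0.0.13\thttps://t.me/anotherchannel\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
"""

# Constructed asset inventory: source IP -> OS as reported by EDR/CMDB (assumption).
HOST_OS = {
    "10.0.0.5": "windows",
    "10.0.0.7": "windows",
    "10.0.0.9": "macos",
    "10.0.0.11": "windows",
    "10.0.0.13": "windows",
}


@dataclass
class Hit:
    src_ip: str
    url: str
    reason: str


def ua_os(user_agent: str) -> str:
    """Coarse OS claimed by a browser user agent (heuristic, not a full UA parser)."""
    if "Windows NT" in user_agent:
        return "windows"
    if "Macintosh" in user_agent:
        return "macos"
    if "Linux" in user_agent or "Android" in user_agent:
        return "linux"
    return "unknown"


def scan(log_text: str, host_os: dict) -> list:
    """Return hits for exact config IOCs and for dead-drop lookups with a UA/OS mismatch."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # malformed record, skip rather than guess
        src, url, ua = parts
        if url in C2_URLS:
            if ua == USER_AGENT:
                hits.append(Hit(src, url, "exact Vidar config IOC: C2 URL and user agent"))
            else:
                hits.append(Hit(src, url, "Vidar C2 URL"))
            continue
        if DEAD_DROP_HOST_RE.match(url):
            inventory = host_os.get(src, "unknown")
            claimed = ua_os(ua)
            if "unknown" not in (inventory, claimed) and inventory != claimed:
                hits.append(Hit(src, url,
                                f"dead-drop host with UA/OS mismatch "
                                f"(inventory says {inventory}, UA claims {claimed})"))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG, HOST_OS):
        print(f"{h.src_ip}\t{h.url}\t{h.reason}")
```

Two caveats when operationalising this: block or alert on the specific profile and channel, not on steamcommunity.com or t.me as a whole, because both are heavily used legitimately; and treat the user agent as a per-build value that the operator can change, so the exact-match rule catches this sample while the OS-mismatch rule is the one that generalises.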

Targets

    • Target

      691b46c7437376eb222b6223d1509e58dae34ca40b6e02db37e9690ea97d1431.exe

    • Size

      4.9MB

    • MD5

      9efa9907423cc7a421c7008bd8a0bf0d

    • SHA1

      d147885ce6f126c41ca47dbdbb48a4bcabc5dfb3

    • SHA256

      691b46c7437376eb222b6223d1509e58dae34ca40b6e02db37e9690ea97d1431

    • SHA512

      894a3e2090c2b3298bb08eab81832dd76bdb9d4c0b59642477666d97d088d3da38ec0a7605332bda7ddb432eb775fd7853d51d6436ce647b5a89d4bed8ac59a1

    • SSDEEP

      49152:OmhxjW6ncW+4Zb15jx2QZ88rPKsm+9BnHrkBnqFoniEqtVwSoiG9/u8T2XXNwiv7:OmhxjW6ncWFZbd7Hrk5HnlmAX2Xdwi

    Signatures

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
