General

  • Target

    8322608c6f06c924458946685ff76fd1a4dc676e4cab3acf1312fb9ab5143bd4.zip

  • Size

    211KB

  • Sample

    240402-qgnz1sbc39

  • MD5

    ee77d4c6e014dc2ca67bd65d4ea72cdd

  • SHA1

    ff5e440d85cd65ba0c0d9f3818f0e53a7ed51c4c

  • SHA256

    5a1343a812954349959b04323644f7e6cac3045f44da4a2f2721b55ff5ab7640

  • SHA512

    6e4cc7d3a26755e3af1dd34d91c493b37fc3e7647870921427a75073a1c6ca587ee9438653da9274057a26d4b5a0053d2de17201014accc52f734f009ea99ede

  • SSDEEP

    6144:HM7Nj3814L48LReK3FWSQ797LvMBUN4ifL8l3wdDD8oaR3:gL48NFXQ79/lNBZ8oaR3

Malware Config

Extracted

Family

vidar

Version

8.6

Botnet

debff3f4f38e9beeaf8e215a762c8549

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes
  • profile_id_v2

    debff3f4f38e9beeaf8e215a762c8549

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
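The extracted configuration is directly usable for hunting. The two C2 entries are public Steam and Telegram profile pages that Vidar fetches to read its live C2 address from (a dead-drop resolver), and the user agent claims an Intel Mac while the sample is a Windows PE, so a non-Mac host presenting it is a cheap tell. The script below is an added example written for this page, not part of the sandbox report or any Vidar extractor; the proxy log format and the log lines are constructed for illustration, and the function names are hypothetical. Only the URLs, botnet id and user agent are taken from the config above.

```python
"""Hunt for the Vidar dead-drop resolver traffic in proxy logs.

Added example, not part of the sandbox report. The log format below is an
assumption and the log lines are constructed; the URLs, botnet id and user
agent are copied from the report's Malware Config section.
"""
import re
from urllib.parse import urlsplit

# Values taken verbatim from the extracted config.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "8.6",
    "botnet": "debff3f4f38e9beeaf8e215a762c8549",
    "c2": [
        "https://steamcommunity.com/profiles/76561199658817715",
        "https://t.me/sa9ok",
    ],
    "user_agent": (
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
    ),
}

# Assumed proxy log layout: ts host_os src_ip method url "user_agent"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host_os>\S+) (?P<src>\S+) (?P<method>\S+) '
    r'(?P<url>\S+) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def dead_drop_hit(rec, c2_urls=VIDAR_CONFIG["c2"]):
    """Return the configured dead-drop URL this request resolves to, if any.

    Match on host + path rather than the full string so that a query string
    (e.g. the XML profile view) or a trailing slash does not evade the check,
    while ordinary traffic to steamcommunity.com or t.me is left alone.
    """
    parts = urlsplit(rec["url"])
    key = (parts.netloc.lower(), parts.path.rstrip("/"))
    for c2 in c2_urls:
        p = urlsplit(c2)
        if key == (p.netloc.lower(), p.path.rstrip("/")):
            return c2
    return None


def ua_os_mismatch(rec):
    """A Macintosh user agent from a host the inventory says is not macOS."""
    return "Macintosh" in rec["ua"] and not rec["host_os"].lower().startswith("mac")


def triage(lines):
    """Run the three checks over raw log lines; return (src, url, reasons) tuples."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        hit = dead_drop_hit(rec)
        if hit:
            reasons.append("dead-drop resolver: " + hit)
        if rec["ua"] == VIDAR_CONFIG["user_agent"]:
            reasons.append("exact Vidar user agent")
        if ua_os_mismatch(rec):
            reasons.append("Macintosh UA from %s host" % rec["host_os"])
        if reasons:
            findings.append((rec["src"], rec["url"], reasons))
    return findings


# Constructed log lines: one infected Windows host, one benign Mac, one benign Windows host.
SAMPLE_LOGS = [
    '2024-04-02T14:05:11Z windows 10.0.0.5 GET '
    'https://steamcommunity.com/profiles/76561199658817715/?xml=1 '
    '"' + VIDAR_CONFIG["user_agent"] + '"',
    '2024-04-02T14:05:12Z windows 10.0.0.5 GET https://t.me/sa9ok '
    '"' + VIDAR_CONFIG["user_agent"] + '"',
    '2024-04-02T14:06:00Z macos 10.0.0.9 GET https://steamcommunity.com/ '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"',
    '2024-04-02T14:07:30Z windows 10.0.0.7 GET https://www.example.com/index.html '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"',
]

if __name__ == "__main__":
    for src, url, reasons in triage(SAMPLE_LOGS):
        print(src, url, "; ".join(reasons))
```

Matching on host and path rather than on the bare hostname matters here: blocking steamcommunity.com or t.me outright is rarely acceptable, but the specific profile paths carry no legitimate traffic and are stable for as long as the sample's config is. The user-agent checks are corroborating signals only; the exact string will change with the next build, and the OS mismatch needs a trustworthy asset inventory.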

Targets

    • Target

      8322608c6f06c924458946685ff76fd1a4dc676e4cab3acf1312fb9ab5143bd4.exe

    • Size

      224KB

    • MD5

      aba4db269a810b878f86ffabb47ca06c

    • SHA1

      d141ffdd0842ccbe7e471fd84d2dc0a64b4a954b

    • SHA256

      8322608c6f06c924458946685ff76fd1a4dc676e4cab3acf1312fb9ab5143bd4

    • SHA512

      8dc43e4375180340bf78701aed48d4c9ace51d3a02d461ed9af9245407d01e5ad51e8408b819a396bf57c50dc5bd94caf60f6beae4f1cfba7beefcca893b370d

    • SSDEEP

      3072:fx/loYA7RGHfvz9Qd8TSh3e0gc2Fk798FoCLP/SFpn4B9MgVCNu2WxyhvXED:pLA7MzSd3e0gcmg4oaW4Xdxym

    • Detect Vidar Stealer

    • Vidar

      Vidar is an information stealer derived from the Arkei stealer. The Steam and Telegram profile URLs listed under C2 are dead-drop resolvers rather than the collection server itself: the sample fetches those public profiles and parses the live C2 address out of them, so the real C2 is not visible in the static configuration and should be recovered from the sample's network traffic or from the profile contents at the time of analysis.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks