General

  • Target

    b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd.zip

  • Size

    239KB

  • Sample

    240402-qgpasabc43

  • MD5

    b3383baba1c4b170212674f408f29ba5

  • SHA1

    0e9c6fe4a4748f67661d48d309ffb1fc4a7d45e9

  • SHA256

    255e0ea8c1428dbe612a52e7674497fb4ec5803d6a896abcaf7d96575b7eef93

  • SHA512

    d10f35b8d0455047a15dd6de9752d8637de5fbb29bdd97a3f79bc60d9bbae77d6a6c86f4092f04696909380a1b8db3ce6e3c66909609214aeb26b10f2811eead

  • SSDEEP

    6144:F8b8wROnw3JZ3/tOPgGCdq9gawzRCAlcPtbf7S:Q8wROniJZVSgGn8dCAlcPtbf7S

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.6

  • Botnet

    debff3f4f38e9beeaf8e215a762c8549

  • C2

    https://steamcommunity.com/profiles/76561199658817715

    https://t.me/sa9ok

Attributes
  • profile_id_v2

    debff3f4f38e9beeaf8e215a762c8549

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Targets

    • Target

      b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd.exe

    • Size

      278KB

    • MD5

      b6bbb03b84e589433f139d88ca24c62d

    • SHA1

      2eeeed07176de200eaf5bc207852781ddc5da2b5

    • SHA256

      b9220e18f15660f7649d01f17b9b787982442067449c0f27fce621f365b91edd

    • SHA512

      09075709691b8fba668184b2469c5bdc7174bcb3e16de2d046bf7abff6257f941e36d2a28db2e42b88807e1ba3c15165875fb82485c621d60f9001bed62ee4de

    • SSDEEP

      6144:5ok6GPg9b2t0eQnQqRRtf3G82ed6JcVsk:5D6GPg9b2t5+jRtfJdJB

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks