General

  • Target

    023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5.zip

  • Size

    135KB

  • Sample

    240402-qs9qvsbe2w

  • MD5

    04fc4342d203c25b7aa730d1775fde4e

  • SHA1

    4da5a9481a70dcd368b706d409a86c5a5f5b8ebd

  • SHA256

    e9b7e139e80c8a32af3716a71758350c7776b7e0e259e3716530f723690101b9

  • SHA512

    a5d36b1108178a7a39869d1919490f81aeef33864a7f5e6f2a94ab5a37e53549206d27b2df0eff675ad5c9792edb0c47b42f46778e22007ea2124f7b43fe661a

  • SSDEEP

    3072:g1jzEVkjXXodky+Y1KLoITpwaK/5DFAUyrccPEyPBN3NXT:oz1XYdkyd1moITq1FAUyrbPTFT

Malware Config

Extracted

Family

vidar

Version

6.4

Botnet

181eb512368c942704e3ada53738a1d7

C2

https://t.me/secgoxrp

https://steamcommunity.com/profiles/76561199568528949

Attributes

  • profile_id_v2

    181eb512368c942704e3ada53738a1d7

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:110.0) Gecko/20100101 Firefox/121.0

Targets

    • Target

      023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5.exe

    • Size

      203KB

    • MD5

      ee2d92b118a44254be173a6f95ea009d

    • SHA1

      b8f203dd1831c283cbdc15639f5bbd69182f2d14

    • SHA256

      023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5

    • SHA512

      cdb9aa222b6bf08411e1c4619ea704bcff0653135051649b9cc82427265be274cc240ab704bf2de2571f8274c80b13c5f406c9dfcbb9f4308846a3febdaf5395

    • SSDEEP

      3072:QGiOQBQI6uRWodJFBXF/XOdkq45kuQgyFNHiGtOdRISC:f0R6M3dRsdkqy0NHiNC

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks