General

  • Target

    52b7235a431fe2a5230fdbf71d81f17e83903fa7aaa8b2433bc4d649c35029d7.exe

  • Size

    214KB

  • Sample

    240408-bvhmtscf5z

  • MD5

    f4de3cf6835582c816968431566ca4fe

  • SHA1

    ef0af247d1cc1ddfb3b54357a0c3481e10d54130

  • SHA256

    52b7235a431fe2a5230fdbf71d81f17e83903fa7aaa8b2433bc4d649c35029d7

  • SHA512

    01f53ef03059f3abd1ad62fd9442295e3261290455b00667a00dad3f4248c3e2a62c1bf708657ed810c40f8523c403379419b6568b5c2732348205c276518e83

  • SSDEEP

    3072:ojETl3ODx1Wr/jq2LEiyDYGv0gHy2ymX6IOr6AVAMBkL6fWVugPrX4IB1JrppUxe:oI3YijxGv9y2b6/RvWFI2Jrpg

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199662282318

https://t.me/t8jmhl

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15