General
-
Target
113becce6e3bab10d6b357ddacd9d907ef3d5e9955bcb8198a6df280b280f3ee
-
Size
2.2MB
-
Sample
240628-2yjx6sxenr
-
MD5
854ca1d141228bad520c0d16310a9c9a
-
SHA1
cdbb28fb50bf7f9567132d20315d3f09a24cccb4
-
SHA256
113becce6e3bab10d6b357ddacd9d907ef3d5e9955bcb8198a6df280b280f3ee
-
SHA512
d83d9dc2fc494c038e77874ca6f38bd33b59d5808db559d9b568306ad78b7d87ffaa93a1ccdd7db5c9d1506f8e29e82975d6a696f6bebd594bb1d714087ad695
-
SSDEEP
49152:qpjNvr9ySAOmw49HHO+SASagXkJr4MDkUwm:qpjNp7p49HH8n5A
Static task
static1
Behavioral task
behavioral1
Sample
113becce6e3bab10d6b357ddacd9d907ef3d5e9955bcb8198a6df280b280f3ee.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
-
-
Target
113becce6e3bab10d6b357ddacd9d907ef3d5e9955bcb8198a6df280b280f3ee
-
Size
2.2MB
-
MD5
854ca1d141228bad520c0d16310a9c9a
-
SHA1
cdbb28fb50bf7f9567132d20315d3f09a24cccb4
-
SHA256
113becce6e3bab10d6b357ddacd9d907ef3d5e9955bcb8198a6df280b280f3ee
-
SHA512
d83d9dc2fc494c038e77874ca6f38bd33b59d5808db559d9b568306ad78b7d87ffaa93a1ccdd7db5c9d1506f8e29e82975d6a696f6bebd594bb1d714087ad695
-
SSDEEP
49152:qpjNvr9ySAOmw49HHO+SASagXkJr4MDkUwm:qpjNp7p49HH8n5A
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-