General

  • Target

    6d43de56b16f7efd2a0707e8cf851a9e51913a5be5ac849791edcb44a5c33876

  • Size

    2.2MB

  • Sample

    240628-n65mysybqe

  • MD5

    fadb7977c60456de558c24db06d49ba0

  • SHA1

    f86610e055d3dcf275284daf363412a5c8342a6d

  • SHA256

    6d43de56b16f7efd2a0707e8cf851a9e51913a5be5ac849791edcb44a5c33876

  • SHA512

    c56002349a33066607044b860b3b5c983356fea9c2eb5e9e8b4058d8ed8bea8365b0e2c1219e27ae1f0c5f3dc2b4898db237372c5ff307732a178ea0e902cd77

  • SSDEEP

    49152:qpjNvr9ySAOmw4lHHO+SASagXkJr4MDkUwm:qpjNp7p4lHH8n5A

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Target

      6d43de56b16f7efd2a0707e8cf851a9e51913a5be5ac849791edcb44a5c33876

    • Size

      2.2MB

    • MD5

      fadb7977c60456de558c24db06d49ba0

    • SHA1

      f86610e055d3dcf275284daf363412a5c8342a6d

    • SHA256

      6d43de56b16f7efd2a0707e8cf851a9e51913a5be5ac849791edcb44a5c33876

    • SHA512

      c56002349a33066607044b860b3b5c983356fea9c2eb5e9e8b4058d8ed8bea8365b0e2c1219e27ae1f0c5f3dc2b4898db237372c5ff307732a178ea0e902cd77

    • SSDEEP

      49152:qpjNvr9ySAOmw4lHHO+SASagXkJr4MDkUwm:qpjNp7p4lHH8n5A

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks