General

  • Target

    07580824cb184e20ad7ed84d649ccafe08b2177e5cbd5c7ca7d8a4fc598d094e

  • Size

    2.2MB

  • Sample

    240628-rs3g8axdkr

  • MD5

    ad9dbf1378b53cf4c1927f77a5c7079d

  • SHA1

    bc351580aac9d64dd2e52d7e519c017209a10687

  • SHA256

    07580824cb184e20ad7ed84d649ccafe08b2177e5cbd5c7ca7d8a4fc598d094e

  • SHA512

    1f04d8aa936800ba82159df88ea2e96f0cf03644935e4eef689b7c3cd11a7b3f66eaaf5e9233694f8cbb6fdc0745bafbee99fe7a34419782acef936780a23552

  • SSDEEP

    49152:qpjNvr9ySAOmw4ZHHO+SASagXkJr4MDkUwm:qpjNp7p4ZHH8n5A

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks