General

  • Target

    93dc2f406a0ca3344d70f217856858b2507493b535c86402915ab2e3e22e7c6e

  • Size

    2.2MB

  • Sample

    240628-t25p2szbnq

  • MD5

    a484e226e2165db47ba0559e285d6525

  • SHA1

    170b97ba9a9a899938f8130f3e59a550054729be

  • SHA256

    93dc2f406a0ca3344d70f217856858b2507493b535c86402915ab2e3e22e7c6e

  • SHA512

    ace6a48f592b3084828fbdf4faafff7986fc407e78f4da843014f4b28da7441889de1c34900718dfe0f1106c50cad66dc63174b80826d5b2e8c4b5adeeebd658

  • SSDEEP

    49152:qpjNvr9ySAOmw4FHHO+SASagXkJr4MDkUwm:qpjNp7p4FHH8n5A

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
