General
Target: 53b51d76beb8782891e627404126b372b3f48a649521b0c1ef47ed5ad48e4037
Size: 2.2MB
Sample: 240629-3g8qmszajb
MD5: 227740c4a9b042666395bf8bbb8ef825
SHA1: d0873271017ec0afe3dd800b040a91a10e2cab0b
SHA256: 53b51d76beb8782891e627404126b372b3f48a649521b0c1ef47ed5ad48e4037
SHA512: a57f91788086ce99eac404ff195a0c4c3c1b9cfb3984d4a87e5088e8975f3ae69872a522d23c4661ce611f4cda99b8ca610558f5fa7212d2ff03ab09bfc0021d
SSDEEP: 49152:qpjNvr9ySAOmw4ZHHO+SASagXkJr4MDkUwm:qpjNp7p4ZHH8n5A
Static task: static1
Behavioral task: behavioral1
Sample: 53b51d76beb8782891e627404126b372b3f48a649521b0c1ef47ed5ad48e4037.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: vidar
C2 URLs:
- https://t.me/g067n
- https://steamcommunity.com/profiles/76561199707802586
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Note: a Telegram channel and a Steam profile are the dead-drop resolvers Vidar uses to look up its current C2 address, so these URLs are only the first hop; the actual C2 host is whatever the profile pages point to at the time of execution. The configured User-Agent claims a macOS Firefox build while the sample runs on Windows, which makes the string a usable network indicator for this build.
Targets
Target: 53b51d76beb8782891e627404126b372b3f48a649521b0c1ef47ed5ad48e4037 (2.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
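The signatures above describe behaviours that are visible in host telemetry (registry queries, file reads, thread-context calls, outbound requests). The following Python is an added example written for this page, not part of the sandbox report or of the sandbox vendor's detection logic; it runs the corresponding checks over a handful of constructed Sysmon-style events. The event shape, field names, the wallet directory list and the threshold for "software enumeration" are assumptions chosen for the illustration; the process image, the Steam URL and the User-Agent string are taken from the report.

```python
"""Detection checks for the behaviours listed in this sandbox report, run over
constructed Sysmon-like events. Added example; event format and thresholds are
assumptions, not the sandbox's own rules."""
import re
from collections import defaultdict

SAMPLE = "53b51d76beb8782891e627404126b372b3f48a649521b0c1ef47ed5ad48e4037.exe"
UA_FROM_REPORT = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) "
                  "Gecko/20100101 Firefox/129.0")

# Constructed telemetry (not captured from the sandbox). Each event carries
# 'type', 'pid', 'image' and one type-specific payload field.
EVENTS = [
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox"},
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Python 3.12"},
    {"type": "reg", "pid": 4120, "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC"},
    {"type": "file", "pid": 4120, "image": SAMPLE,
     "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file", "pid": 4120, "image": SAMPLE,
     "path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "api", "pid": 4120, "image": SAMPLE,
     "api": "SetThreadContext", "target_pid": 5004},
    {"type": "net", "pid": 4120, "image": SAMPLE, "host": "steamcommunity.com",
     "url": "/profiles/76561199707802586", "user_agent": UA_FROM_REPORT},
    # Benign noise: a real browser visiting Steam, an installer touching one Uninstall key.
    {"type": "net", "pid": 2200, "image": "firefox.exe", "host": "steamcommunity.com",
     "url": "/", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) "
                               "Gecko/20100101 Firefox/129.0"},
    {"type": "reg", "pid": 3300, "image": "setup.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp"},
]

# Registry key behind "Checks computer location settings".
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Per-product subkeys behind "Checks installed software on the system".
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)
# Assumed wallet directories for "Accesses cryptocurrency files/wallets".
WALLET_DIRS = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Atomic|Armory|Coinomi|Guarda)\\", re.I)
# Hosts from the extracted config; reaching them from a non-browser is the signal.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "steam.exe"}
UNINSTALL_THRESHOLD = 5  # assumed: one or two lookups are normal for installers


def detect(events):
    """Return a sorted, de-duplicated list of (finding, pid) tuples."""
    findings = set()
    uninstall_hits = defaultdict(set)  # pid -> distinct Uninstall subkeys read
    for e in events:
        pid, image = e["pid"], e["image"].lower()
        if e["type"] == "reg":
            if GEO_KEY.search(e["key"]):
                findings.add(("geofence_check", pid))
            m = UNINSTALL_KEY.search(e["key"])
            if m:
                uninstall_hits[pid].add(m.group(1))
        elif e["type"] == "file" and WALLET_DIRS.search(e["path"]):
            findings.add(("wallet_access", pid))
        elif e["type"] == "api" and e["api"] == "SetThreadContext" \
                and e["target_pid"] != pid:
            # Setting another process's thread context is the hollowing/injection pattern.
            findings.add(("remote_setthreadcontext", pid))
        elif e["type"] == "net" and image not in BROWSERS:
            if e["host"] in DEAD_DROP_HOSTS:
                findings.add(("dead_drop_from_nonbrowser", pid))
            if "Macintosh" in e["user_agent"]:
                # A Windows process claiming a macOS browser UA, as in this config.
                findings.add(("foreign_user_agent", pid))
    for pid, subkeys in uninstall_hits.items():
        if len(subkeys) >= UNINSTALL_THRESHOLD:
            findings.add(("software_enumeration", pid))
    return sorted(findings)


if __name__ == "__main__":
    for name, pid in detect(EVENTS):
        print(f"{pid}\t{name}")
```

The per-process threshold on Uninstall subkeys is what separates the stealer's inventory sweep from an installer checking whether its own product is present; tune it against your own baseline before deploying. The dead-drop and User-Agent checks are weak on their own (any automation hitting Steam would fire them) and are meant to be correlated with the other findings on the same pid.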