General

  • Target

    0db4390a6ba9cdab447bc71ca7d902690673ffa88225fbcd5fcab9e725678659

  • Size

    2.2MB

  • Sample

    240629-ntmllsxajg

  • MD5

    4d36ace884823215d066c797ee6545ff

  • SHA1

    63ab90eb2c3a4c1957d783a9c96203f02814097c

  • SHA256

    0db4390a6ba9cdab447bc71ca7d902690673ffa88225fbcd5fcab9e725678659

  • SHA512

    827f381efe17a2dfe663016d8606cef4a9cc7e69c5f9327c293147d97f55790ccb15ce822f266c553f876884647ec09b4119a2f07a9012754d89e8061cda5006

  • SSDEEP

    49152:qpjNvr9ySAOmw4NHHO+SASagXkJr4MDkUwm:qpjNp7p4NHH8n5A

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks