General

  • Target: spoofer.exe
  • Size: 446KB
  • Sample: 240629-wsqwmswbmk
  • MD5: d2961b6726f53f641bf2c377ed228042
  • SHA1: e5cb89dcd1f5e442bab8b02547ab63b5d1b6f99c
  • SHA256: 7fa220b9534f751f7ec40805e2b41a30307b42aef86577b2368bc4e7af3f7e0f
  • SHA512: cf8cfa7782971c4557d8386947a9e321aab490601971d8be867f4acf31d758e94a75cc935e272d2afc490ded6c57b5d42ec295a260395b18ffbe64704b94ac1e
  • SSDEEP: 6144:JMQvO+XbL8upVFAUH9DhM3GCWxJwHuaovV73/ItQdZPy3URVyIWMYQ:RvOmbLvWUH9zCyV73QudZqURVyIlY

Malware Config

Extracted

  • Family: vidar
  • Version: 8.3
  • Botnet: e8a390631b867d183ac7447da853207e
  • C2:
      https://steamcommunity.com/profiles/76561199651834633
      https://t.me/raf6ik

Attributes
  • profile_id_v2: e8a390631b867d183ac7447da853207e
  • user_agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0

Targets

    • Target: spoofer.exe (hashes as listed under General)

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks