Behavioral task: behavioral1
Sample: 47e7322c2ff85274fed0726ef42f3b7be3f7a62466e76ad05126767151024306.exe
Resource: win7-20240704-en
General
Target: c106fe6c62aec26b8d9c20d0951cea4cc3468311d50611ce29a9d07301bd9793
Size: 95KB
MD5: a00506faa829d22e64c687df13e0f261
SHA1: 6acbab95b8821fe265f9edef3d3945aafccdf31d
SHA256: c106fe6c62aec26b8d9c20d0951cea4cc3468311d50611ce29a9d07301bd9793
SHA512: 5679e80a073e9110fea005b11d8244531ac36c47ea486c788dc3cd9d6e2dd22f9cd56cc09102f0417b9eb21a48cc3d89524217ff24036efd5a8139743e81b621
SSDEEP: 1536:Ok21F0mrL1339v3C1Y+/ZkSdvJax3X8D3YUxfHoPLesAld8F/M42Ntnby3KKd3kq:Ok21im/1H9gh5JCX8DnxfUjjMm3R3+5e
Malware Config
Extracted: vidar
https://t.me/bu77un
https://steamcommunity.com/profiles/76561199730044335
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1
Signatures
Detect Vidar Stealer (1 IoCs)
  resource: static1/unpack001/47e7322c2ff85274fed0726ef42f3b7be3f7a62466e76ad05126767151024306.exe  yara_rule: family_vidar_v7
Stealc family
Vidar family
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: unpack001/47e7322c2ff85274fed0726ef42f3b7be3f7a62466e76ad05126767151024306.exe
Files
c106fe6c62aec26b8d9c20d0951cea4cc3468311d50611ce29a9d07301bd9793.zip (Password: infected)
47e7322c2ff85274fed0726ef42f3b7be3f7a62466e76ad05126767151024306.exe.exe  windows:5 windows x86 arch:x86
14b0ac3afcc0fd8a741f8eb3917d4d03
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: wcslen, memcmp, strlen, ??_U@YAPAXI@Z, srand, rand, strncpy, malloc, _wtoi64, atexit, memchr, ??_V@YAXPAX@Z, __CxxFrameHandler3, memmove, strtok_s, strchr, strcpy_s, memcpy, memset
kernel32: MultiByteToWideChar, LCMapStringW, WideCharToMultiByte, IsValidCodePage, GetOEMCP, GetACP, ExitProcess, GetCurrentProcess, LocalAlloc, lstrlenA, HeapFree, ReadProcessMemory, VirtualQueryEx, OpenProcess, HeapAlloc, GetProcessHeap, GetStringTypeW, FileTimeToSystemTime, CloseHandle, CreateProcessA, GetDriveTypeA, GetLogicalDriveStringsA, WaitForSingleObject, CreateThread, CreateDirectoryA, GetProcAddress, LoadLibraryA, lstrlenW, ReadFile, SetFilePointer, GetFileSize, GetFileInformationByHandle, MapViewOfFile, CreateFileMappingA, CreateFileA, WriteFile, SystemTimeToFileTime, GetLocalTime, GetTickCount, lstrcatA, lstrcpyA, GetCPInfo, GetComputerNameA, LoadLibraryW, InterlockedDecrement, GetCurrentThreadId, SetLastError, InterlockedIncrement, TlsSetValue, TlsGetValue, GetModuleFileNameW, RaiseException, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, DecodePointer, TerminateProcess, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, RtlUnwind, GetModuleHandleW, Sleep, GetStdHandle
user32: CharToOemA, GetDesktopWindow, wsprintfW
advapi32: GetUserNameA, RegOpenKeyExA, RegGetValueA, GetCurrentHwProfileA
shell32: SHFileOperationA
ole32: CoInitializeSecurity, CoInitializeEx, CoSetProxyBlanket, CoCreateInstance
oleaut32: SysAllocString, VariantInit, VariantClear, SysFreeString
shlwapi: ord155
Sections
.text   Size: 142KB  Virtual size: 142KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 35KB   Virtual size: 35KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 9KB    Virtual size: 2.1MB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 18KB   Virtual size: 17KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ