General

  • Target

    SecuriteInfo.com.Win32.DropperX-gen.29341.16114.exe

  • Size

    5.3MB

  • Sample

    240802-ww16sazarh

  • MD5

    d8506a1a17c1b7452fc9e94ce5568900

  • SHA1

    d1d281538ddd3cc45a6bb29380dc1d7330e4bd0d

  • SHA256

    9daffaea889ac9a0a94e711c815ef8f8d17878c00dc802033300e46f35ccbc29

  • SHA512

    0b8d671333d70f341cec6eeb8cfad1169251980305b19b31f96345f8c797fd0dd97d4b7fd40ad28412e1340829a2c82f253577a26403ea567cd2cb1dd6ba0e9b

  • SSDEEP

    98304:Q3QwuwsuAyobBzVlwVNwo7MhtCzLY8QcTEcX/ssSR/UoUSAKBasi930z:kQ1Hj1RlwPwo7MhtCA8QBskVMoU0Ba72

Malware Config

Extracted

  • Family

    vidar

  • C2

    https://steamcommunity.com/profiles/76561199735694209

    https://t.me/puffclou

  • Attributes

    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1

Targets

    • Target

      SecuriteInfo.com.Win32.DropperX-gen.29341.16114.exe

    • Detect Vidar Stealer

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks