General
-
Target
b8a5ef9ea9fa588907a197db55c743559460190aa58b227db10d6be75d8bfe39
-
Size
11.1MB
-
Sample
240812-fr4hcawhmn
-
MD5
45c0d8bedd6bff145cbe1c3064f2cf56
-
SHA1
5a68f160bde8531f0b38ed8f9c6b19b7e615a905
-
SHA256
b8a5ef9ea9fa588907a197db55c743559460190aa58b227db10d6be75d8bfe39
-
SHA512
3963adecb4ee013b54c926328fe0d6576d291dcae0ead3f675c38ddb51b2747e0469179fa4903e3237fe2beea7079f67da377f3787b3bd4ddba8694102af0703
-
SSDEEP
196608:uq5Uz55kDba3q4c1X2usHfdV5bvMzeO/FmwuAf0+OTZ5l3:ur55kPa3qEbHfdVRvI50wnVOj
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199751190313
https://t.me/pech0nk
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Targets
-
-
Target
b8a5ef9ea9fa588907a197db55c743559460190aa58b227db10d6be75d8bfe39
-
Size
11.1MB
-
MD5
45c0d8bedd6bff145cbe1c3064f2cf56
-
SHA1
5a68f160bde8531f0b38ed8f9c6b19b7e615a905
-
SHA256
b8a5ef9ea9fa588907a197db55c743559460190aa58b227db10d6be75d8bfe39
-
SHA512
3963adecb4ee013b54c926328fe0d6576d291dcae0ead3f675c38ddb51b2747e0469179fa4903e3237fe2beea7079f67da377f3787b3bd4ddba8694102af0703
-
SSDEEP
196608:uq5Uz55kDba3q4c1X2usHfdV5bvMzeO/FmwuAf0+OTZ5l3:ur55kPa3qEbHfdVRvI50wnVOj
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2