General
-
Target
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b
-
Size
274KB
-
Sample
240919-2gdd3avaja
-
MD5
cedcd86d234896b7a4f145f0d0c2afc7
-
SHA1
4c4e420ba4c157bbf1b93f4822b242a2a9dd304a
-
SHA256
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b
-
SHA512
eb70d3ccf6970256155ae533407a1d904092356272b9ebffead37fbf55a8530f07e19b5ab3990e3ab4ff8c5f82e4413eaed99e605d33a0a28878ff99d5c5ae75
-
SSDEEP
6144:tevsJRmJAvNCf3GIaWAlgO6dEkcsLOTvisCKsB:tgGRmJUSGYAt6dEkcVTvlsB
Static task
static1
Behavioral task
behavioral1
Sample
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b.exe
Resource
win10-20240404-en
Malware Config
Extracted
vidar
https://t.me/edm0d
https://steamcommunity.com/profiles/76561199768374681
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
Targets
-
-
Target
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b
-
Size
274KB
-
MD5
cedcd86d234896b7a4f145f0d0c2afc7
-
SHA1
4c4e420ba4c157bbf1b93f4822b242a2a9dd304a
-
SHA256
2a5d249ebceed527e7ea8d3e5bd9f6769dca5731d45fa4a2aa1495a28b96f98b
-
SHA512
eb70d3ccf6970256155ae533407a1d904092356272b9ebffead37fbf55a8530f07e19b5ab3990e3ab4ff8c5f82e4413eaed99e605d33a0a28878ff99d5c5ae75
-
SSDEEP
6144:tevsJRmJAvNCf3GIaWAlgO6dEkcsLOTvisCKsB:tgGRmJUSGYAt6dEkcVTvlsB
Score10/10-
Detect Vidar Stealer
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4