General
-
Target
bf41950c2b87050f69bbcb6cb810e990d9a1f60a7109e8a3ba4668f2e397db96
-
Size
401KB
-
Sample
240926-2624qashjr
-
MD5
5f1ea69f876e6c0b3f52c49cb56a5933
-
SHA1
25efa25249943f752eb980d33a9945f126310fa9
-
SHA256
bf41950c2b87050f69bbcb6cb810e990d9a1f60a7109e8a3ba4668f2e397db96
-
SHA512
b6636579c7ef7b18e65bbf331527e3069c3b3c403fc21744f1692f1f882dc2e67ebc4c003ca857b2fa460fcc9e078f6c4dbbb1205d232f198e8046c7036dd2b3
-
SSDEEP
12288:DuSEc/XKSAotoNQQGqlWAmyF0x3EGXY0kD:DIcPKTotHQ5Wzp5SD
Malware Config
Extracted
vidar
11
b438a316528fda660b5e4e28911b77a1
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
-
-
Target
bf41950c2b87050f69bbcb6cb810e990d9a1f60a7109e8a3ba4668f2e397db96
-
Size
401KB
-
MD5
5f1ea69f876e6c0b3f52c49cb56a5933
-
SHA1
25efa25249943f752eb980d33a9945f126310fa9
-
SHA256
bf41950c2b87050f69bbcb6cb810e990d9a1f60a7109e8a3ba4668f2e397db96
-
SHA512
b6636579c7ef7b18e65bbf331527e3069c3b3c403fc21744f1692f1f882dc2e67ebc4c003ca857b2fa460fcc9e078f6c4dbbb1205d232f198e8046c7036dd2b3
-
SSDEEP
12288:DuSEc/XKSAotoNQQGqlWAmyF0x3EGXY0kD:DIcPKTotHQ5Wzp5SD
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1