Resubmissions

11-12-2024 17:42

241211-v97eaaspes 10

11-12-2024 17:40

241211-v9bbvaxleq 10

01-10-2024 21:39

241001-1h1ejs1hkq 10

29-08-2024 12:54

240829-p5n49avaqp 10

17-08-2024 17:42

240817-v94y6a1cqp 10

17-08-2024 09:57

240817-ly41casgkj 10

General

  • Target

    66bddfcb52736_vidar.bin.zip

  • Size

    187KB

  • Sample

    241001-1h1ejs1hkq

  • MD5

    a284b21c1e928fe4ede4ddbeddfcd391

  • SHA1

    d5260a53b780a6308c639d2b89116ef5bbe992d7

  • SHA256

    8b34e6283a4e30009a0ad792723817cfb0d5cdbbbe119948aa6e887bd59e1620

  • SHA512

    64ee76b87be812c3c82c5716cd3d7c7065c0522fdbd774b1d745d67ab69a2299df3dd9d52e150188b860c9220435658fb3140f7317ad59a3fac76f864337203a

  • SSDEEP

    3072:6NaGrsZYYgA7AaNGNjF1kTWWdNYArOLE99nkVHr/8J9bykSEN2vvBhat0658GZqa:GSuYvfN+4TZNYAKLGaHb09q0eBIO658W

Malware Config

Extracted

Family

vidar

Version

10.7

Botnet

877956da9963e0825aa43a159a358f24

C2

https://steamcommunity.com/profiles/76561199751190313

https://t.me/pech0nk

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Targets

    • Target

      66bddfcb52736_vidar.bin

    • Size

      190KB

    • MD5

      fedb687ed23f77925b35623027f799bb

    • SHA1

      7f27d0290ecc2c81bf2b2d0fa1026f54fd687c81

    • SHA256

      325396d5ffca8546730b9a56c2d0ed99238d48b5e1c3c49e7d027505ea13b8d1

    • SHA512

      6d1fa39560f4d7ca57905bc57d615acf96b1ef69ca2a4d7c0353278e8d4466298ed87f514463c49d671cb0e3b6a269a78636a10a1e463dba5c83fe067dc5df18

    • SSDEEP

      3072:XqsEJybpRHuJKKBardRei4UGvI96/ZO6RAkeOCeP9sZy28se:XqsMyNRHuKikUi42KZO6PffmZy2d

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks