General
Target: 13c42c85bbeaac50ca5cebc9433e1b12c7f2072a833f60c54d59375993af2ecc.exe
Size: 404KB
Sample: 241005-s7ns2swdpr
MD5: 10e555691e5bd8608d3afde0c81a61e4
SHA1: 37480fa81dca9c7fa109820b0b86ed3ec7258b04
SHA256: 13c42c85bbeaac50ca5cebc9433e1b12c7f2072a833f60c54d59375993af2ecc
SHA512: e4280c7b1c114b5b3dba3caa976604c77e69a782ecbff6cdb4c21653016878f90c8bcebd336dd288721ec38f464cd2a78e1bfe0b886e0bcb8a5fd610836df291
SSDEEP: 6144:kyt602OmYh5I7KU9QPrVI5IgQ0jolIMaszHQTh1u1KjjY9tbCDdBNkioEO:kdt7YMOU2hkflq3jHihamE912kioEO
Static task: static1
Behavioral task: behavioral1
  Sample: 13c42c85bbeaac50ca5cebc9433e1b12c7f2072a833f60c54d59375993af2ecc.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 13c42c85bbeaac50ca5cebc9433e1b12c7f2072a833f60c54d59375993af2ecc.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
vidar
11
3c2b9e69b31bab816bc6aaf265216d69
https://t.me/jamsemlg
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
Target: 13c42c85bbeaac50ca5cebc9433e1b12c7f2072a833f60c54d59375993af2ecc.exe
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)