General

  • Target

    669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c

  • Size

    571KB

  • Sample

    241008-lw4lsstenf

  • MD5

    67bde3658a9ffcf47a6103eb6df9c660

  • SHA1

    f527e481e7644a0d4b31af37d34226ccd8621ce8

  • SHA256

    669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c

  • SHA512

    5ec51c39d9f652d3c2e719ed0b4f8ccb39c05b197b9a4fb7bb772743ea7fcffca5ac6ca4966341e012eeddfe12a3104743dbe5849c1c7cdd73001129648177da

  • SSDEEP

    12288:sGWivJ6LrcfSvaiNxA6fl95WCtobUz0Gcj/a4Sl:smJ6RvaMN++0GcL7O

Malware Config

Extracted

Family

vidar

Version

11

Botnet

04a7a73c13ab56b51bd29415d6338a92

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      669520f903f4178a0b5365327369eab98a3e595dddcf1164324beeae8fca8b0c

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
