General

  • Target

    2024-10-10_01729154c40a40425a5264a5fef52207_poet-rat_snatch

  • Size

    23.5MB

  • Sample

    241010-3qk1yayaln

  • MD5

    01729154c40a40425a5264a5fef52207

  • SHA1

    f38f34a98ef0c2e421105f82f10831d8fbc5d8b8

  • SHA256

    d56e1de5fb448b3cf491ee897bc79c615002f41991b2bedd6c76951e45e7e278

  • SHA512

    fba03eebe50f71cd646f9b0719cbce444d8e7a582609f796c9d03870868389835bba3c9a08c1b5edfdde19f9857e7a7111fa0f1de1be964e95e13d1098968b41

  • SSDEEP

    196608:Bq88qLzyuS5ZtWouVIURv5BBhsM60m7GPSDV:gHqsMaJ7GPSh

Malware Config

Extracted

Family

vidar

Version

11

Botnet

609c6fde840b81e0e5feb927e8ce8cec

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
