General
-
Target
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da.exe
-
Size
1.1MB
-
Sample
241027-v5ehps1cnm
-
MD5
3dda292f77b97dfbdc3e00053784a136
-
SHA1
824be91ad1f3422204b8b6368f481c47d5c41338
-
SHA256
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da
-
SHA512
62a7432fb8e4b6a4e1eb0918642d4bee02e55e239d90ce8fc16e4441694c435c11d53a71ac47adf82603679de3b5e7e22dec749394d3c95790c40ce01bf31ca2
-
SSDEEP
24576:LSeqDj22FCrg559kuT8TBNRU5Vg/8HuvKHR4uCc9lnlJkYn:LhqXlr55XTU3RQ3HWKx1C6ZlJkYn
Static task
static1
Behavioral task
behavioral1
Sample
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
https://t.me/asg7rd
https://steamcommunity.com/profiles/76561199794498376
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da.exe
-
Size
1.1MB
-
MD5
3dda292f77b97dfbdc3e00053784a136
-
SHA1
824be91ad1f3422204b8b6368f481c47d5c41338
-
SHA256
544cea9044d4f6cdedc6d41700c7db44194e3ccf1a467bce15b7e013e7b388da
-
SHA512
62a7432fb8e4b6a4e1eb0918642d4bee02e55e239d90ce8fc16e4441694c435c11d53a71ac47adf82603679de3b5e7e22dec749394d3c95790c40ce01bf31ca2
-
SSDEEP
24576:LSeqDj22FCrg559kuT8TBNRU5Vg/8HuvKHR4uCc9lnlJkYn:LhqXlr55XTU3RQ3HWKx1C6ZlJkYn
Score10/10-
Detect Vidar Stealer
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4