General
Target: tp3host.exe
Size: 5.0MB
Sample: 241029-qkbtvswrhq
MD5: fb08f2cb20523c34a7c01e2f565774a1
SHA1: 212f6bb39ab33ea61abaf69e35da3449db39d1d8
SHA256: 9a42637e8c5229a0b84c28892e030c5b9d07cd32ccb5bdc0cc6f0633113c8fe2
SHA512: c7e650e8b7d4f1ece36f1dd1427ee200ed824a032ea6b3452a5f3f68edca4605f5f94c5ee2730dcc9016c8d8fea355fddf2d47aecdf23e574cd431307d0d143d
SSDEEP: 98304:Uj/lHucccKPaU8XiVvC+0NZFaQCATWzEBBP+mGB6:UblVchPIXiVKPPa0BBGmGB6
Static task: static1
Behavioral task: behavioral1 (Sample: tp3host.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: tp3host.exe, Resource: win10v2004-20241007-en)
Malware Config
Extracted: vidar
8
Extracted: vidar
https://t.me/fun88rockskek
https://t.me/asg7rd
https://steamcommunity.com/profiles/76561199794498376
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
Target: tp3host.exe
Score: 10/10
- Detect Vidar Stealer
- Vidar family
- Downloads MZ/PE file
- Uses browser remote debugging: Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Defense Evasion: Modify Authentication Process (1), Modify Registry (1), Subvert Trust Controls (1), Install Root Certificate (1)
Credential Access: Credentials from Password Stores (1), Credentials from Web Browsers (1), Modify Authentication Process (1), Steal Web Session Cookie (1), Unsecured Credentials (1), Credentials In Files (1)