General

  • Target

    tp3host.exe

  • Size

    5.0MB

  • Sample

    241029-qkbtvswrhq

  • MD5

    fb08f2cb20523c34a7c01e2f565774a1

  • SHA1

    212f6bb39ab33ea61abaf69e35da3449db39d1d8

  • SHA256

    9a42637e8c5229a0b84c28892e030c5b9d07cd32ccb5bdc0cc6f0633113c8fe2

  • SHA512

    c7e650e8b7d4f1ece36f1dd1427ee200ed824a032ea6b3452a5f3f68edca4605f5f94c5ee2730dcc9016c8d8fea355fddf2d47aecdf23e574cd431307d0d143d

  • SSDEEP

    98304:Uj/lHucccKPaU8XiVvC+0NZFaQCATWzEBBP+mGB6:UblVchPIXiVKPPa0BBGmGB6

Malware Config

Extracted

Family

vidar

Version

8

Extracted

Family

vidar

C2

https://t.me/fun88rockskek

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
