Overview

overview

10

Static

static

3

2024-11-06...ch.exe

windows7-x64

10

2024-11-06...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-06_97d13a4f093be5f096540591619476e2_poet-rat_snatch

  • Size

    24.7MB

  • Sample

    241106-cjqdzaskbz

  • MD5

    97d13a4f093be5f096540591619476e2

  • SHA1

    03bcb365c34fef53750af6e783601ee8edc58def

  • SHA256

    cc4082117e8a2f2dcf959d6276da5c53345a2ef6564cd014a2a04c988d78a2c6

  • SHA512

    fa6405f4dd1140e04895b3cae326da80ef9a8e64ba6786b2582474c99df2bc0fd4e3fd822851a503eee2ca594247ad350da4540ec4005f8fb62ba4603395e748

  • SSDEEP

    98304:8vkH7wY4yuW07JJkTXzEuo70QfTIgQBojs+5qSyHSgCBOvMOefSQOMaHH0+nn87b:2kb7CzTmKjs/HjCYkOeCMa0+nn8/CEb

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      2024-11-06_97d13a4f093be5f096540591619476e2_poet-rat_snatch

    • Size

      24.7MB

    • MD5

      97d13a4f093be5f096540591619476e2

    • SHA1

      03bcb365c34fef53750af6e783601ee8edc58def

    • SHA256

      cc4082117e8a2f2dcf959d6276da5c53345a2ef6564cd014a2a04c988d78a2c6

    • SHA512

      fa6405f4dd1140e04895b3cae326da80ef9a8e64ba6786b2582474c99df2bc0fd4e3fd822851a503eee2ca594247ad350da4540ec4005f8fb62ba4603395e748

    • SSDEEP

      98304:8vkH7wY4yuW07JJkTXzEuo70QfTIgQBojs+5qSyHSgCBOvMOefSQOMaHH0+nn87b:2kb7CzTmKjs/HjCYkOeCMa0+nn8/CEb

    Score
    10/10
    vidarcredential_accessdiscoverystealerspyware

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks