General

  • Target

    1a7821dd025d04a766a1d41b14f9bfb0f90d11b4

  • Size

    3.6MB

  • Sample

    241108-myw56sznh1

  • MD5

    57315ec9fbcc7cad912c8045709257d8

  • SHA1

    1a7821dd025d04a766a1d41b14f9bfb0f90d11b4

  • SHA256

    fe9c2d372b2c9dfc51642c55248c4d193ac72ef6c938023626cd46383405e51c

  • SHA512

    242c3b160d966d567ea4897eaa2ea875f5d7ce3a4133a2dacc23775dcab8b048081342284682718df2adcd221cf5daafb84bec4a8086342e50e0361f66567936

  • SSDEEP

    98304:bR3MPut2A3z6+h06u2QY9XaOnz+cITUfI8PkLzWx0CS/Eh:bR3cA2aduYBaOnpIggBexDh

Malware Config

Extracted

Family

vidar

Version

52.1

Botnet

1281

C2

https://t.me/verstappenf1r

Attributes
  • profile_id

    1281

Targets

    • Target

      setup/AISetup-Crack.exe

    • Size

      2.4MB

    • MD5

      632c411467cb6300f1386c563b138778

    • SHA1

      dc8f21dc53c8ef420cd417d2baf531567d9a21ce

    • SHA256

      d49afecb53d0779d6767571c6576d6c1a5529cb6470a0262971b7e00724a7c6a

    • SHA512

      043e4d05d0e1b3283fac0a944842ec5ac23329ae110eefeb18c2af2d2682451e35a2950533bd2ffcf502dc2991efd2a15946a4fd281068e40cf969de1fbe0f66

    • SSDEEP

      49152:osVJkaIPdT0b3Zgjo/eLLRMHhQCN19Y8Uz2lnpev0QaM:JkawdT0raEQLRMHh/WTz2lnpev0e

    Score
    3/10
    • Target

      setup/Pre-Activated-Setup.exe

    • Size

      347.3MB (the archive containing it is only 3.6MB, so this executable is almost entirely highly compressible padding; inflating a dropper this way is a common trick to push it past AV and sandbox upload size limits)

    • MD5

      6c61d27cdd0a9c8750a92021990fbc19

    • SHA1

      7f6fdf0db122195d4737f5ca85e292e0f10fbccd

    • SHA256

      8195c3e7fde033b97d9a99d642e841a4d78e4610a2e2867e303d8bd4baa6eac2

    • SHA512

      685a7bfb68072cb4f59c9137b6910f75da31401a6bbf915ddd2217400d367473b325b0c36f2705219363ebab9fcc8b0cbaed6839c2dcd403e1ee70eb31bd96f4

    • SSDEEP

      98304:gHh5kUQPPI8ZL/SbM7RjemXVY+PYfZbBVz08G+UuVMU:K2UQP7pemXV7MZbgjuV

    • Vidar

      Vidar is an infostealer based on Arkei stealer. Current builds fetch their working C2 address from a profile page on a public service, which is why the extracted C2 above is a Telegram URL (https://t.me/verstappenf1r) rather than the panel itself: the channel is a dead-drop resolver, and blocking only that URL does not cover the panel it points to.

    • Vidar family

    • Vidar Stealer

    • Suspicious use of SetThreadContext (redirecting a suspended thread's execution is the usual final step of process hollowing and similar injection)
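Hash listings like the one above are usually copied by hand into blocklists, so it helps to parse the listing mechanically, check that each digest is well-formed (and that the General block's target identifier really is the SHA1 it claims to be), and verify a locally held copy of a sample against the listed digests without reading a padded 347 MB dropper into memory. The script below is an added example, not part of the sandbox report or of any Vidar analysis; the REPORT string is a constructed excerpt transcribed from this page, the parser assumes the page's own "bullet label, then value on the next non-empty line" layout, and SSDEEP is not checked because Python's standard library has no ssdeep implementation.

```python
"""Parse a sandbox sample listing, sanity-check its digests, verify a local sample (added example)."""

import hashlib
import re

# Constructed excerpt transcribed from the listing above (General block plus both Targets).
REPORT = """\
General

  • Target

    1a7821dd025d04a766a1d41b14f9bfb0f90d11b4

  • SHA1

    1a7821dd025d04a766a1d41b14f9bfb0f90d11b4

  • SHA256

    fe9c2d372b2c9dfc51642c55248c4d193ac72ef6c938023626cd46383405e51c

Targets

    • Target

      setup/AISetup-Crack.exe

    • SHA256

      d49afecb53d0779d6767571c6576d6c1a5529cb6470a0262971b7e00724a7c6a

    Score
    3/10
    • Target

      setup/Pre-Activated-Setup.exe

    • SHA256

      8195c3e7fde033b97d9a99d642e841a4d78e4610a2e2867e303d8bd4baa6eac2
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex chars per algorithm
HEX = re.compile(r"^[0-9a-f]+$")


def parse_listing(text):
    """Return one dict per sample; a new record starts at every 'Target' bullet (page convention)."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            pending = line.lstrip("• ").strip()  # bullet label; its value is the next non-empty line
            if pending == "Target":
                current = {}
                records.append(current)
            continue
        if line == "Score":  # the score is rendered without a bullet
            pending = "Score"
            continue
        if pending is not None and current is not None:
            current[pending] = line
            pending = None
    return records


def check_digests(record):
    """List malformed digests, plus a hex 'Target' identifier that disagrees with the SHA1 field."""
    problems = []
    for algo, length in DIGEST_LEN.items():
        value = record.get(algo)
        if value is not None and (len(value) != length or not HEX.match(value.lower())):
            problems.append(f"{algo} is not a {length}-hex-char digest: {value!r}")
    target = record.get("Target", "").lower()
    if HEX.match(target) and len(target) == 40 and target != record.get("SHA1", target).lower():
        problems.append("target identifier looks like a SHA1 but differs from the SHA1 field")
    return problems


def verify_bytes(data, record):
    """Hash in-memory data with every algorithm the record lists; return {algo: True if it matches}."""
    return {
        algo: hashlib.new(algo.lower(), data).hexdigest() == record[algo].lower()
        for algo in DIGEST_LEN
        if algo in record
    }


def verify_file(path, record):
    """Same check for a file on disk, streamed in 1 MiB chunks so a padded dropper is not loaded whole."""
    hashers = {algo: hashlib.new(algo.lower()) for algo in DIGEST_LEN if algo in record}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() == record[algo].lower() for algo, h in hashers.items()}
```

Running `parse_listing(REPORT)` yields three records (the archive and its two members); `check_digests` is what to run before a digest goes into a blocklist, and `verify_file` is what to run against the copy you actually pulled from a host, since a mismatch on any one algorithm means you are not looking at the sample this report describes.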

MITRE ATT&CK Enterprise v15

Tasks