General

  • Target

    6dc517f58f112adcdd3cfae606a67964.exe

  • Size

    6.2MB

  • Sample

    241110-gx6qbs1drk

  • MD5

    6dc517f58f112adcdd3cfae606a67964

  • SHA1

    b59f74642e963111027613ce0206ca77aec06fda

  • SHA256

    2a559ce1ff609781226319d7f57d6c8cf32487bd87bb796ea43ee015aa104a73

  • SHA512

    6f04ac98d9ea1eb203d2b93e9ff9f02a26b2ff61a4afc61b47f5d7f6260a80bc085fbc24c97c43407651c231156f468d4fe00cb152e64c6be948fed6b19f4ed8

  • SSDEEP

    98304:cTiMEvjmzKewwsZ2XoCx7fR+Q6VCKrUk:iiMEaI24C1UQszrU

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      6dc517f58f112adcdd3cfae606a67964.exe

    • Size

      6.2MB

    • MD5

      6dc517f58f112adcdd3cfae606a67964

    • SHA1

      b59f74642e963111027613ce0206ca77aec06fda

    • SHA256

      2a559ce1ff609781226319d7f57d6c8cf32487bd87bb796ea43ee015aa104a73

    • SHA512

      6f04ac98d9ea1eb203d2b93e9ff9f02a26b2ff61a4afc61b47f5d7f6260a80bc085fbc24c97c43407651c231156f468d4fe00cb152e64c6be948fed6b19f4ed8

    • SSDEEP

      98304:cTiMEvjmzKewwsZ2XoCx7fR+Q6VCKrUk:iiMEaI24C1UQszrU

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks