General

  • Target

    9e5882a6f91108bb85b72efd662b3d57f168b8f8e061d8cb837b7d7eb68e293dN

  • Size

    551KB

  • Sample

    241110-rmeh7syejg

  • MD5

    af97b6bc8d46742836b38fc37c2de2e0

  • SHA1

    5736933d95d9070bf2ba5b7eb46b782e4f21390e

  • SHA256

    9e5882a6f91108bb85b72efd662b3d57f168b8f8e061d8cb837b7d7eb68e293d

  • SHA512

    f9abed02605e7ea8ab578ab99262c11351f61a4cf82ad206a29924aaf7df0e6192c3139d9cedbb793803f66ff68d06b2940518ec2d2485067ffdf692b507e284

  • SSDEEP

    12288:fKzXYJTVvvjtfDGlUcehFBNk9QACS4Wp51Q11jDE4wBlsP:fsCV5ayJTHkKA9jp5UlwBI

Malware Config

Extracted

Family

vidar

C2

http://proxy.johnmccrea.com/

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Vidar family

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15