General

  • Target

    8184a6dd62658bd0dd67d2dbc26b11a9488b6e1e3c68f635e70c3245d600ff8b.exe

  • Size

    6.2MB

  • Sample

    241111-n7ywsszane

  • MD5

    1d8c2eb7cd03e559009ab6ef0f40d6c6

  • SHA1

    157afa807448cfdecc3b68e0940cd253f7a368bd

  • SHA256

    8184a6dd62658bd0dd67d2dbc26b11a9488b6e1e3c68f635e70c3245d600ff8b

  • SHA512

    f64bc733501554e0e26d200b887ba6d92ba86e6ed4fbe755e1b25c707a399643f0ece7e3f61a0f33db0bcfb4e2afd8ea3a1fe97e067e3ec4caff45df4be20e74

  • SSDEEP

    98304:cTiMEvjmzKewwsZ2XoCx7fR+Q6VCKrUka:iiMEaI24C1UQszrU1

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      8184a6dd62658bd0dd67d2dbc26b11a9488b6e1e3c68f635e70c3245d600ff8b.exe

    • Size

      6.2MB

    • MD5

      1d8c2eb7cd03e559009ab6ef0f40d6c6

    • SHA1

      157afa807448cfdecc3b68e0940cd253f7a368bd

    • SHA256

      8184a6dd62658bd0dd67d2dbc26b11a9488b6e1e3c68f635e70c3245d600ff8b

    • SHA512

      f64bc733501554e0e26d200b887ba6d92ba86e6ed4fbe755e1b25c707a399643f0ece7e3f61a0f33db0bcfb4e2afd8ea3a1fe97e067e3ec4caff45df4be20e74

    • SSDEEP

      98304:cTiMEvjmzKewwsZ2XoCx7fR+Q6VCKrUka:iiMEaI24C1UQszrU1

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks