General

  • Target

    Vidar.exe

  • Size

    1.2MB

  • Sample

    241114-ns1f3syemd

  • MD5

    2f79684349eb97b0e072d21a1b462243

  • SHA1

    ed9b9eeafc5535802e498e78611f262055d736af

  • SHA256

    9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

  • SHA512

    4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3

  • SSDEEP

    24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz

Malware Config

Extracted

Family

vidar

Version

11.4

Botnet

7c37934964656ffad71319cfd3f70c69

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      Vidar.exe

    • Size

      1.2MB

    • MD5

      2f79684349eb97b0e072d21a1b462243

    • SHA1

      ed9b9eeafc5535802e498e78611f262055d736af

    • SHA256

      9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

    • SHA512

      4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3

    • SSDEEP

      24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks