General
-
Target
eac2023507aa414efd29baf156116048e88a00ad1d4b017fe713b83779eba0f7.exe
-
Size
1.5MB
-
Sample
241119-njd7gswcrq
-
MD5
7f643a82dae83643c8a2a3e64c65f0aa
-
SHA1
08fe6e3de174dd886596f31559237174e451adfb
-
SHA256
eac2023507aa414efd29baf156116048e88a00ad1d4b017fe713b83779eba0f7
-
SHA512
3332c882f11c53e1dff374541747b3c2d6be253b86e88e60764a366bb0f03fa878210f91b3f59a0a8aa65aaf1e6ddc0a65d81654f4b4c691c92a925b641f0a1a
-
SSDEEP
24576:m1V5bEb5v837jDHNCFYC/kNMqc5wwcotkPh2sQoarP1wRB4Z:yfxCFNGMql5PnQoaj2RB4
Static task
static1
Behavioral task
behavioral1
Sample
eac2023507aa414efd29baf156116048e88a00ad1d4b017fe713b83779eba0f7.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eac2023507aa414efd29baf156116048e88a00ad1d4b017fe713b83779eba0f7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.8
68fa61169d8a1f0521b8a06aa1f33efb
https://t.me/fu4chmo
https://steamcommunity.com/profiles/76561199802540894
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
Detect Vidar Stealer
-
Stealc family
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process (1)
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Modify Authentication Process (1)
Steal Web Session Cookie (1)
Unsecured Credentials (4)
Credentials In Files (4)