General

  • Target

    6f8d63bcaff565b7d96e066b155a744c103dfa021cfd72076dd96ba82a335fea

  • Size

    453KB

  • Sample

    241119-vyd9csyema

  • MD5

    6534a5fc69df17cb5f4e130938348f68

  • SHA1

    73ab5e937bf510365a92fa4d87dd13d3e931c87f

  • SHA256

    6f8d63bcaff565b7d96e066b155a744c103dfa021cfd72076dd96ba82a335fea

  • SHA512

    dca1d782f0b6b616266a7696348864e4dd0ceeed00d6d6a88300f3e1ecafdf07c3a4da7d86aea44d31d73582939fc7656b1a83923f67b6194b30a2de22f1606d

  • SSDEEP

    12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ21:vbIkg9HUz/iD6sZ4

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1375

C2

https://t.me/deadftx

https://www.tiktok.com/@user6068972597711

http://116.202.2.1:80

Attributes

  • profile_id

    1375

Targets

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Vidar family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks