General

  • Target

    1bc68d708e953bf10bbf6744a6b91b28.exe

  • Size

    959KB

  • Sample

    241121-gzwcdayfjg

  • MD5

    1bc68d708e953bf10bbf6744a6b91b28

  • SHA1

    a6938a273e7a82cf4909ca40d224a6430f6a2860

  • SHA256

    9c46859695bed9bd827e2292e634c39e2982f40d9be6b170d185ae154a1a6a5f

  • SHA512

    d402f564fc707cdfd6b0853da5c70f0fe7b87e933ce4ff27b28325497dc70439db82bb02c12ed7f1ed804ee3730278117302489c645efbade654f7a9bbd48a06

  • SSDEEP

    24576:2aTm8nQDF5o5nsuru7m/vQ4MYTsPP+1b3PqfRQ2/9:7pQR2RszOQ4JgPYb3YR/9

Malware Config

Extracted

  • Family

    vidar

  • Version

    11.5

  • Botnet

    583ba11aa826bd4d97a3a14cb18c8fac

  • C2

    https://t.me/gos90t

    https://steamcommunity.com/profiles/76561199800374635

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      1bc68d708e953bf10bbf6744a6b91b28.exe

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks