General
-
Target
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8.exe
-
Size
275KB
-
Sample
241126-d1z56sskcz
-
MD5
df96c3d0bb84474f4ed6c4206d1bacea
-
SHA1
3e846e3a979cfad2df3eadc821fccf48f2cda4fd
-
SHA256
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8
-
SHA512
17ab06107bfcbbd4cc5503996d544d5d48e6ae4f49f76be841455885b77e5c7a5128ab74903a1825dd3a809aed12b414f7dc97c2ae7f5750ad67abba22bd1055
-
SSDEEP
6144:rh0ZpFC4sffny7TuLBdZlT4DIJYdy3i8ioyrN:rh0ZpFCfB3TGyYy35iBZ
Behavioral task
behavioral1
Sample
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.8
93e4f2dec1428009f8bc755e83a21d1b
https://t.me/fu4chmo
https://steamcommunity.com/profiles/76561199802540894
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8.exe
-
Size
275KB
-
MD5
df96c3d0bb84474f4ed6c4206d1bacea
-
SHA1
3e846e3a979cfad2df3eadc821fccf48f2cda4fd
-
SHA256
dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8
-
SHA512
17ab06107bfcbbd4cc5503996d544d5d48e6ae4f49f76be841455885b77e5c7a5128ab74903a1825dd3a809aed12b414f7dc97c2ae7f5750ad67abba22bd1055
-
SSDEEP
6144:rh0ZpFC4sffny7TuLBdZlT4DIJYdy3i8ioyrN:rh0ZpFCfB3TGyYy35iBZ
-
Detect Vidar Stealer
-
Stealc family
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4