General

  • Target

    lyjdfjthawd.exe

  • Size

    275KB

  • MD5

    81a8c700d5bdd648c2848050da4edc4b

  • SHA1

    61e9ee541aac8aea077daedd1f31497b0bec2ab4

  • SHA256

    d7e8ecfbb9b6b70ac2314516226c94a32ccaba6c31aa4da4a52fa07c2cf22cd4

  • SHA512

    473b51e3bf9bb2c787db00b574d28306f209e9f6828b8e36b67b0fea81ec5fe303a4298accff51ee058ea7542049aa33950e9951fa33f248ab3799b826050087

  • SSDEEP

    6144:Ch0ZpFC4sffny7TuLBdZlT4DIJYdy3I8ioyrN:Ch0ZpFCfB3TGyYy3ziBZ

Malware Config

Extracted

  • Family

    vidar

  • Version

    11.8

  • Botnet

    0174ec9d0ab5d3dd4d0bbe7415cfa10c

  • C2

    https://t.me/fu4chmo

    https://steamcommunity.com/profiles/76561199802540894

  • Attributes

    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Stealc family
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • lyjdfjthawd.exe
    .exe windows:5 windows x86 arch:x86

    0b8c3b7f5974cb002243977711d52689