General

  • Target

    81a8c700d5bdd648c2848050da4edc4b.bin

  • Size

    149KB

  • Sample

    241202-byfyeaxpbj

  • MD5

    86ea2a823de05c212a36daed568d8fc4

  • SHA1

    1818ee6621859f445360d0532c0cd9f173c10330

  • SHA256

    ab5b102c50eabd1a3284986e3c1062fbc54aabe7ddc5e9c184847c9a94fb13f8

  • SHA512

    d9b78a0adb77a2837443eb2fa680f745b82335115889a3a3f2829de8c69aa688752f047d66dc2dddee96fcd7448256cc42b3a6850f6db6105c7842f39ff6136a

  • SSDEEP

    3072:bOlfFko2cIROGAZQhhWE0yM8NblNG3Q2BMN8i5XjcNY4:QpxQhjqWblNG3Q2TipwNY4

Malware Config

Extracted

Family

vidar

Version

11.8

Botnet

0174ec9d0ab5d3dd4d0bbe7415cfa10c

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      d7e8ecfbb9b6b70ac2314516226c94a32ccaba6c31aa4da4a52fa07c2cf22cd4.exe

    • Size

      275KB

    • MD5

      81a8c700d5bdd648c2848050da4edc4b

    • SHA1

      61e9ee541aac8aea077daedd1f31497b0bec2ab4

    • SHA256

      d7e8ecfbb9b6b70ac2314516226c94a32ccaba6c31aa4da4a52fa07c2cf22cd4

    • SHA512

      473b51e3bf9bb2c787db00b574d28306f209e9f6828b8e36b67b0fea81ec5fe303a4298accff51ee058ea7542049aa33950e9951fa33f248ab3799b826050087

    • SSDEEP

      6144:Ch0ZpFC4sffny7TuLBdZlT4DIJYdy3I8ioyrN:Ch0ZpFCfB3TGyYy3ziBZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks