General

  • Target

    e302bc75ac48569ac8f9ab3dbd31302b9ccb8858305a83698dca10e047aaeaa7

  • Size

    6.2MB

  • Sample

    241209-ny7scawngw

  • MD5

    584cf4a4f9cb958539ac091b3a79fd3a

  • SHA1

    83cf9bfe5747e7155ca816c752658ad3aaa0d9fa

  • SHA256

    e302bc75ac48569ac8f9ab3dbd31302b9ccb8858305a83698dca10e047aaeaa7

  • SHA512

    6acd009c4ab0f0e548669af6e1b68f13a5c60bca36a6ccc2095796b415dde47dd0f1d5c2ae587a4735fbecaf3b73046389c291ebac45dd131682e2b9407f4249

  • SSDEEP

    12288:yQuJMMD+15Kx4I3y41UyKvXVr4D2P8wMxmAQvOwLALDOQyQWDs0H:IyM0IZTyZVEakxmdVALDONPjH

Malware Config

Extracted

  • Family

    vidar

  • Version

    11.8

  • Botnet

    8ff0797948d4b39f051a704ea27bdbde

  • C2

    https://t.me/fu4chmo

    https://steamcommunity.com/profiles/76561199802540894

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
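Added example, not part of the sandbox report and not code from the stealer or any vendor: a small Python matcher that runs egress-proxy log lines against the two extracted C2 URLs and the user-agent above. The two URLs are a Telegram channel and a Steam profile page, which Vidar uses as dead-drop pages to fetch its real C2 address, so a request to either one from a Windows host is the earliest network indicator; the user-agent is a macOS Safari/DuckDuckGo string, which is itself anomalous coming from a Windows process. The log line format, the function names and the sample lines are assumptions constructed for this example; the IOC values are copied from the report.

```python
"""Match egress (proxy) log lines against the IOCs in the extracted Vidar config.

Added example: the log format, helper names and sample lines are assumptions;
only the C2 URLs and user-agent string come from the report.
"""
import re
from urllib.parse import urlsplit

# IOC values copied from the report's "Malware Config" section.
C2_URLS = (
    "https://t.me/fu4chmo",
    "https://steamcommunity.com/profiles/76561199802540894",
)
USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6"
)


def normalize_url(url):
    """Reduce a URL to 'host/path' so that http vs https, host case, a query
    string or a trailing slash cannot defeat an exact IOC comparison."""
    parts = urlsplit(url.strip())
    host = parts.netloc.lower()
    path = parts.path.rstrip("/")
    return f"{host}{path}"


C2_KEYS = {normalize_url(u) for u in C2_URLS}

# Assumed (hypothetical) proxy log format, one request per line:
#   <ISO timestamp> <client-ip> <method> <url> "<user-agent>"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, ua = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "ua": ua}


def classify(entry):
    """Return the list of IOC indicators a parsed entry trips (empty if clean)."""
    hits = []
    if normalize_url(entry["url"]) in C2_KEYS:
        hits.append("c2_url")          # request to the Telegram/Steam dead-drop page
    if entry["ua"] == USER_AGENT:
        hits.append("vidar_user_agent")  # the hard-coded UA from the config
    return hits


def scan(lines):
    """Return (client, url, hits) for every parseable line that trips an IOC."""
    results = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        hits = classify(entry)
        if hits:
            results.append((entry["client"], entry["url"], hits))
    return results


# Constructed sample traffic (not from the report): two benign lines, two hits.
# Line 2 upper-cases the host and adds a query string; line 3 uses http and a
# trailing slash; both must still match the normalized IOC keys.
SAMPLE_LOG = [
    '2024-12-09T10:00:01Z 10.0.0.5 GET https://example.com/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '2024-12-09T10:00:02Z 10.0.0.7 GET https://T.ME/fu4chmo/?x=1 "' + USER_AGENT + '"',
    '2024-12-09T10:00:03Z 10.0.0.7 GET http://steamcommunity.com/profiles/76561199802540894/ "' + USER_AGENT + '"',
    '2024-12-09T10:00:04Z 10.0.0.9 GET https://steamcommunity.com/profiles/1 "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(f"{client} {url} -> {', '.join(hits)}")
```

The normalization step matters more than the string list: a plain substring search on the literal config URLs misses the same request written with an upper-cased host, an extra query parameter or a trailing slash, all of which the sample traffic above exercises. A user-agent hit on its own is a weaker signal than a C2 URL hit, since legitimate macOS DuckDuckGo browsers send the same string; the combination on one client is what should page someone.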

Targets

    • Target

      e302bc75ac48569ac8f9ab3dbd31302b9ccb8858305a83698dca10e047aaeaa7

    • Size

      6.2MB

    • MD5

      584cf4a4f9cb958539ac091b3a79fd3a

    • SHA1

      83cf9bfe5747e7155ca816c752658ad3aaa0d9fa

    • SHA256

      e302bc75ac48569ac8f9ab3dbd31302b9ccb8858305a83698dca10e047aaeaa7

    • SHA512

      6acd009c4ab0f0e548669af6e1b68f13a5c60bca36a6ccc2095796b415dde47dd0f1d5c2ae587a4735fbecaf3b73046389c291ebac45dd131682e2b9407f4249

    • SSDEEP

      12288:yQuJMMD+15Kx4I3y41UyKvXVr4D2P8wMxmAQvOwLALDOQyQWDs0H:IyM0IZTyZVEakxmdVALDONPjH

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
