General

  • Target

    njrtdhadawt.exe

  • Size

    943KB

  • Sample

    241216-k5llxatmhx

  • MD5

    96e4917ea5d59eca7dd21ad7e7a03d07

  • SHA1

    28c721effb773fdd5cb2146457c10b081a9a4047

  • SHA256

    cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957

  • SHA512

    3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687

  • SSDEEP

    24576:ajfMVHefX7eO2FwYPMGNL/geFyNcTN+jv75TQn652VBuNyb2i:oEQreO8wRGJtF4ch+jvNm0Nyb2

Malware Config

Extracted

Family

vidar

Version

11.3

Botnet

a21440e9f7223be06be5f5e2f94969c7

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      njrtdhadawt.exe

    • Size

      943KB

    • MD5

      96e4917ea5d59eca7dd21ad7e7a03d07

    • SHA1

      28c721effb773fdd5cb2146457c10b081a9a4047

    • SHA256

      cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957

    • SHA512

      3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687

    • SSDEEP

      24576:ajfMVHefX7eO2FwYPMGNL/geFyNcTN+jv75TQn652VBuNyb2i:oEQreO8wRGJtF4ch+jvNm0Nyb2

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks