General
-
Target
njrtdhadawt.exe
-
Size
943KB
-
Sample
241216-k5llxatmhx
-
MD5
96e4917ea5d59eca7dd21ad7e7a03d07
-
SHA1
28c721effb773fdd5cb2146457c10b081a9a4047
-
SHA256
cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957
-
SHA512
3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687
-
SSDEEP
24576:ajfMVHefX7eO2FwYPMGNL/geFyNcTN+jv75TQn652VBuNyb2i:oEQreO8wRGJtF4ch+jvNm0Nyb2
Behavioral task
behavioral1
Sample
njrtdhadawt.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
njrtdhadawt.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.3
a21440e9f7223be06be5f5e2f94969c7
https://t.me/asg7rd
https://steamcommunity.com/profiles/76561199794498376
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
njrtdhadawt.exe
-
Size
943KB
-
MD5
96e4917ea5d59eca7dd21ad7e7a03d07
-
SHA1
28c721effb773fdd5cb2146457c10b081a9a4047
-
SHA256
cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957
-
SHA512
3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687
-
SSDEEP
24576:ajfMVHefX7eO2FwYPMGNL/geFyNcTN+jv75TQn652VBuNyb2i:oEQreO8wRGJtF4ch+jvNm0Nyb2
-
Detect Vidar Stealer
-
Vidar family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-