General

  • Target

    cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957.exe

  • Size

    943KB

  • MD5

    96e4917ea5d59eca7dd21ad7e7a03d07

  • SHA1

    28c721effb773fdd5cb2146457c10b081a9a4047

  • SHA256

    cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957

  • SHA512

    3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687

  • SSDEEP

    24576:ajfMVHefX7eO2FwYPMGNL/geFyNcTN+jv75TQn652VBuNyb2i:oEQreO8wRGJtF4ch+jvNm0Nyb2

Malware Config

Extracted

Family

vidar

Version

11.3

Botnet

a21440e9f7223be06be5f5e2f94969c7

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957.exe
    .exe windows:5 windows x86 arch:x86

    dae99f55715d10799c7a5f3e0cd9d13d


    Headers

    Imports

    Sections