General
Target: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe
Size: 1.6MB
Sample: 241219-ea4w4swmht
MD5: 574ab8397d011243cb52bef069bad2dc
SHA1: 1e1cf543bb08113fec19f9d5b9c1df25ed9232f6
SHA256: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20
SHA512: c3e3f7809e5540bdd59a0cd62e0c718aa024355952f7062aac9eb4b7f40009ac97072962f9799a2dd4e2194e7a8d4df8dd4636306ecb7fee6481f6befb684702
SSDEEP: 49152:iEVxqQJAyCoZxV/yPHZIQDjLO7MFVrbMwjK:iSxVJA7ofVGHiMjCMFJAwW
Static task: static1
Behavioral task: behavioral1
  Sample: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: vidar
Version: 11.3
Botnet ID: a770ee12f3b037ae568cfe2254681c7d
C2: https://t.me/asg7rd
C2: https://steamcommunity.com/profiles/76561199794498376
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Note: Vidar uses the Telegram channel and the Steam profile as dead-drop resolvers. The live C2 address is parsed from the channel or profile text at run time and can be rotated by the operator without rebuilding the sample, so blocking these two URLs stops this build from resolving its C2 but is not a block on the C2 host itself. The hard-coded user agent (a Safari-on-macOS string with a Ddg/ token) sent from a Windows host is a usable network hunting artifact on its own.
Targets
Target: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe
Size: 1.6MB
MD5: 574ab8397d011243cb52bef069bad2dc
SHA1: 1e1cf543bb08113fec19f9d5b9c1df25ed9232f6
SHA256: b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20
SHA512: c3e3f7809e5540bdd59a0cd62e0c718aa024355952f7062aac9eb4b7f40009ac97072962f9799a2dd4e2194e7a8d4df8dd4636306ecb7fee6481f6befb684702
SSDEEP: 49152:iEVxqQJAyCoZxV/yPHZIQDjLO7MFVrbMwjK:iSxVJA7ofVGHiMjCMFJAwW
- Detect Vidar Stealer
- Vidar family
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A child process is created with a parent other than the calling process (parent PID spoofing, ATT&CK T1134.004); detections that key only on the parent/child process tree will attribute the child to the wrong parent.
- Checks computer location settings
  Looks up the country code configured in the registry (the Nation value under Control Panel\International\Geo), likely a geofence so the stealer exits on hosts in excluded countries (T1614).
- Drops startup file
  Writes a file into a Startup folder for persistence across logons (T1547.001).
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files on disk (T1552.001).
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate installed software (T1518).
- Enumerates processes with tasklist
  Spawns tasklist.exe to list running processes (T1057).
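The behaviours above are individually common in benign software; what makes them a stealer signal is several of them from one process, in this order. The following script is an added example (not part of the sandbox report, and not the sandbox's own detection logic) that correlates them over an API-call trace. The trace line format, the PIDs, the paths and every sample line are constructed for illustration; a real sandbox or EDR trace needs its own parser, and the path patterns are typical rather than exhaustive.

```python
"""Added example: score the behaviours from the signature list over a
constructed API-call trace (format and data are illustrative only)."""
import re
from collections import defaultdict

# Constructed trace: "<pid> <api> <argument>" per line. Not real sandbox output.
SAMPLE_TRACE = r"""
4120 CreateProcessW C:\Users\u\Downloads\b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe
4120 RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 CreateProcessW C:\Windows\System32\tasklist.exe /fo csv
4120 CreateFileW C:\Users\u\AppData\Local\Temp\svc.exe
4120 CreateProcessW C:\Users\u\AppData\Local\Temp\svc.exe
4120 CreateFileW C:\Users\u\AppData\Local\Temp\sqlite3.dll
4120 LoadLibraryW C:\Users\u\AppData\Local\Temp\sqlite3.dll
4120 CreateFileW C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk
4120 CreateFileW C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data
7788 RegQueryValueExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
7788 CreateFileW C:\Users\u\Documents\notes.txt
""".strip()

# Stateless rules: (signature name, APIs it applies to, regex on the argument).
# Names follow the report's signature list; the paths are assumed typical values.
RULES = [
    ("Checks computer location settings", {"RegQueryValueExW", "RegOpenKeyExW"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"RegEnumKeyExW", "RegOpenKeyExW"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Enumerates processes with tasklist", {"CreateProcessW", "CreateProcessA"},
     re.compile(r"\\tasklist\.exe(\s|$)", re.I)),
    ("Drops startup file", {"CreateFileW", "CreateFileA"},
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("Unsecured Credentials: Credentials In Files", {"CreateFileW", "CreateFileA"},
     re.compile(r"\\(Login Data|logins\.json|key4\.db|Web Data)$", re.I)),
]

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.*)$")


def parse_trace(text):
    """Yield (pid, api, argument) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def score_trace(text):
    """Return {pid: sorted list of matched signature names}.

    The two stateful checks cover "Executes dropped EXE" and "Loads dropped
    DLL": a path the same process created with CreateFile* and later passed
    to CreateProcess* or LoadLibrary*. (The CreateProcess* check takes the
    first space-separated token, so quoted paths with spaces are not handled.)
    """
    hits = defaultdict(set)
    created = defaultdict(set)  # pid -> lowercase paths it wrote
    for pid, api, arg in parse_trace(text):
        for name, apis, pattern in RULES:
            if api in apis and pattern.search(arg):
                hits[pid].add(name)
        if api.startswith("CreateFile"):
            created[pid].add(arg.lower())
        elif api.startswith("CreateProcess") and arg.split(" ")[0].lower() in created[pid]:
            hits[pid].add("Executes dropped EXE")
        elif api.startswith("LoadLibrary") and arg.lower() in created[pid]:
            hits[pid].add("Loads dropped DLL")
    return {pid: sorted(names) for pid, names in hits.items()}


def suspicious_pids(text, threshold=3):
    """PIDs that show at least `threshold` distinct behaviours from the list."""
    return sorted(pid for pid, names in score_trace(text).items() if len(names) >= threshold)


if __name__ == "__main__":
    for pid, names in score_trace(SAMPLE_TRACE).items():
        print(pid, names)
    print("suspicious:", suspicious_pids(SAMPLE_TRACE))
```

On the constructed trace, PID 4120 matches all seven listed behaviours and PID 7788 matches none, so only 4120 crosses the threshold. The parent PID spoofing signature is deliberately not modelled here: an API trace keyed by PID attributes the child to the real caller anyway, while a process-tree view built from parent PIDs would not, which is exactly why that signature matters.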