General

  • Target

    b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe

  • Size

    1.6MB

  • Sample

    241219-ea4w4swmht

  • MD5

    574ab8397d011243cb52bef069bad2dc

  • SHA1

    1e1cf543bb08113fec19f9d5b9c1df25ed9232f6

  • SHA256

    b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20

  • SHA512

    c3e3f7809e5540bdd59a0cd62e0c718aa024355952f7062aac9eb4b7f40009ac97072962f9799a2dd4e2194e7a8d4df8dd4636306ecb7fee6481f6befb684702

  • SSDEEP

    49152:iEVxqQJAyCoZxV/yPHZIQDjLO7MFVrbMwjK:iSxVJA7ofVGHiMjCMFJAwW

Malware Config

Extracted

Family

vidar

Version

11.3

Botnet

a770ee12f3b037ae568cfe2254681c7d

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20.exe

    • Size

      1.6MB

    • MD5

      574ab8397d011243cb52bef069bad2dc

    • SHA1

      1e1cf543bb08113fec19f9d5b9c1df25ed9232f6

    • SHA256

      b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20

    • SHA512

      c3e3f7809e5540bdd59a0cd62e0c718aa024355952f7062aac9eb4b7f40009ac97072962f9799a2dd4e2194e7a8d4df8dd4636306ecb7fee6481f6befb684702

    • SSDEEP

      49152:iEVxqQJAyCoZxV/yPHZIQDjLO7MFVrbMwjK:iSxVJA7ofVGHiMjCMFJAwW

    • Detect Vidar Stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks