Overview

overview

10

Static

static

1

6T1GN_random.exe

windows7-x64

10

6T1GN_random.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6T1GN_random.exe

  • Size

    989KB

  • Sample

    250131-wcqwpsvldm

  • MD5

    f2432fdb07cac95c4481843ff0e77fd7

  • SHA1

    edc08e196ee4ca14f9a57baeab6723cb42118ce3

  • SHA256

    66028849a2e0c56e20bc6c17e7acf127cb7da54b8ca1c0eec303fbae79c72888

  • SHA512

    a57c50ec93e8bab6c867866b382a1b467fa151da1f0d080a4c6fc8084f65e3d49123ea2e238ae43b3c0f685a77d860b71218682835314890652ac368631d9a3d

  • SSDEEP

    24576:KU/4804Y0vqB0iIHTmjtghDrE3+Zu8BKghhTMveogJiEOB:e8FgB0iQCtg+b8KAZI7j

Score
10/10
vidardiscoverystealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

    • Target

      6T1GN_random.exe

    • Size

      989KB

    • MD5

      f2432fdb07cac95c4481843ff0e77fd7

    • SHA1

      edc08e196ee4ca14f9a57baeab6723cb42118ce3

    • SHA256

      66028849a2e0c56e20bc6c17e7acf127cb7da54b8ca1c0eec303fbae79c72888

    • SHA512

      a57c50ec93e8bab6c867866b382a1b467fa151da1f0d080a4c6fc8084f65e3d49123ea2e238ae43b3c0f685a77d860b71218682835314890652ac368631d9a3d

    • SSDEEP

      24576:KU/4804Y0vqB0iIHTmjtghDrE3+Zu8BKghhTMveogJiEOB:e8FgB0iQCtg+b8KAZI7j

    Score
    10/10
    vidardiscoverystealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks