General

  • Target

    ThoseFormer.zip

  • Size

    3.3MB

  • Sample

    250201-xar7esxjcm

  • MD5

    b5c196c2f587f028c7fc4bc569b9542e

  • SHA1

    c29f931165f9e1acc655ecabd341c6042dd42f0f

  • SHA256

    442f5b47ac8e50c9f937c5eea695f5ad005c795f421c67cdf9df764bef195b5b

  • SHA512

    0e83dd5753b9b5e6aa64adfad9f053bd6bfa1bedd23002d3c879b4b082911d42db65005b5bc6d49a9199693afe6ff1680bb8adad4416b4f57d1eed954f4ba4d1

  • SSDEEP

    24576:VIqaPKvKB9uQ9bvgjwmdPBKj6Lf95q63qX3hw7B8d:VI+oUQijNdcr63qQKd

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
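The two C2 entries are not where the stolen data goes: Vidar uses a Telegram channel and a Steam community profile as dead-drop resolvers, reading the live C2 address out of the profile text so the host first contacts only legitimate services. The user agent is also notable because it advertises Firefox on macOS while the sample runs on Windows. The script below is an added example and not part of the sandbox report; it pulls the embedded address out of a constructed profile-page excerpt and scans constructed proxy log lines for the two dead-drop URLs and for the macOS UA coming from a Windows client. The URL pattern, the log layout, the TEST-NET address and the inventory OS field are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# IOCs copied from the extracted config above.
DEAD_DROPS = (
    "https://t.me/m08mbk",
    "https://steamcommunity.com/profiles/76561199820567237",
)
VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) "
            "Gecko/20100101 Firefox/136.0")

# Hosts that legitimately appear inside a Steam/Telegram page and are never the C2.
DEAD_DROP_HOSTS = ("steamcommunity.com", "steamstatic.com", "t.me", "telegram.org")

# Candidate C2: http(s)://<IPv4 or domain>[:port]. Assumption about what the operator
# drops into the profile text, not a documented format.
C2_RE = re.compile(
    r"https?://(?:\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?::\d{2,5})?",
    re.IGNORECASE,
)

# Constructed excerpt of a dead-drop profile page (TEST-NET-3 address, not a real C2).
SAMPLE_PROFILE_HTML = """
<link rel="stylesheet" href="https://community.cloudflare.steamstatic.com/public/css/x.css">
<span class="actual_persona_name">https://203.0.113.5:443</span>
"""

# Constructed proxy log: timestamp, client IP, OS from inventory, URL, User-Agent (tab-separated).
SAMPLE_PROXY_LOG = "\n".join([
    "\t".join(["2025-02-01T12:00:00Z", "10.0.0.7", "Windows",
               "https://steamcommunity.com/profiles/76561199820567237", VIDAR_UA]),
    "\t".join(["2025-02-01T12:00:01Z", "10.0.0.8", "macOS",
               "https://www.mozilla.org/", VIDAR_UA]),
    "\t".join(["2025-02-01T12:00:02Z", "10.0.0.9", "Windows",
               "https://steamcommunity.com/app/730",
               "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0"]),
])


def extract_dead_drop_c2(html: str) -> list:
    """Return URLs embedded in a dead-drop page that do not point back at the hosting service."""
    found = []
    for url in C2_RE.findall(html):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(DEAD_DROP_HOSTS):
            continue
        if url not in found:
            found.append(url)
    return found


def scan_proxy_log(lines) -> list:
    """Flag clients that touch a dead drop or present the sample's macOS Firefox UA from a Windows host."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        _ts, src, os_name, url, ua = line.rstrip("\n").split("\t")
        reasons = []
        if any(url == d or url.startswith(d + "/") or url.startswith(d + "?") for d in DEAD_DROPS):
            reasons.append("dead-drop-url")
        if ua == VIDAR_UA and os_name == "Windows":
            reasons.append("macos-ua-from-windows-host")
        if reasons:
            hits.append({"src": src, "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    print("C2 from dead drop:", extract_dead_drop_c2(SAMPLE_PROFILE_HTML))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG.splitlines()):
        print(hit)
```

Only the Windows client that hits the Steam profile with the macOS UA is flagged; the macOS host using the same UA is a plausible real Firefox and is left alone. In production the OS field would come from an asset inventory or EDR join, and the dead-drop page would be fetched from a sandboxed egress, never from an analyst workstation.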

Targets

    • Target

      ThoseFormer.exe

    • Size

      800.0MB

    • MD5

      f3d89e4861bb5cb5bc63ea7bd83804fb

    • SHA1

      dd90c95445b9d4653f367b1c7742ddd9cee49468

    • SHA256

      9af491589a55d702154a4851c0c7a0e8c5275798fdedf73ecbf2a516f0f3ffdc

    • SHA512

      c546217a4551d506e8fb78be43367a353c9911d9cc2b5a58fff2c89bd6f50670d69de4650e37c0eae57dbb18f84acff6a91cd4b605b11c5cb6c93fbf4516cda0

    • SSDEEP

      24576:N6FQppKd9CO9bjajGmd9XIvG3L9hqo3qXdFk7d8:MFem0OwjbdYBo3q4W
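The executable is 800.0MB on disk while the archive it arrived in is 3.3MB, which is consistent with a binary inflated by highly compressible filler appended after the last section (a trick for staying above the size limits of scanners and sandboxes). The check below is an added example, not part of the sandbox report: it parses the PE section table to find where the real image ends, measures the run of repeated bytes at the tail of the overlay, and hashes the file with that filler removed so the sample can be correlated with unpadded copies. The minimal PE-shaped blob it builds is constructed for the demonstration, and the 1024-byte minimum run is an arbitrary threshold.

```python
import hashlib
import struct


def pe_end_of_sections(data: bytes) -> int:
    """Return the file offset just past the last section's raw data, per the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    section_table = coff + 20 + size_opt
    end = 0
    for i in range(num_sections):
        # Section header: SizeOfRawData at +16, PointerToRawData at +20.
        size_raw, ptr_raw = struct.unpack_from("<II", data, section_table + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    return end


def overlay_report(data: bytes, min_run: int = 1024) -> dict:
    """Measure the overlay and its trailing filler run; hash the file with the filler removed.

    min_run (arbitrary default) stops a few stray trailing bytes from counting as inflation.
    """
    end = pe_end_of_sections(data)
    overlay = data[end:]
    pad_len = 0
    if overlay:
        filler = bytes([overlay[-1]])   # inflators usually append 0x00, but any repeated byte counts
        pad_len = len(overlay) - len(overlay.rstrip(filler))
        if pad_len < min_run:
            pad_len = 0
    core = data[:len(data) - pad_len]
    return {
        "file_size": len(data),
        "overlay_size": len(overlay),
        "trailing_pad_bytes": pad_len,
        "pad_ratio": round(pad_len / len(data), 4),
        "sha256_full": hashlib.sha256(data).hexdigest(),
        "sha256_unpadded": hashlib.sha256(core).hexdigest(),
    }


def build_fake_pe(pad: int) -> bytes:
    """Constructed minimal PE-shaped blob (one section, no optional header); not executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew: PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)  # Machine, 1 section, SizeOfOptionalHeader=0
    sect = bytearray(40)
    sect[:5] = b".text"
    struct.pack_into("<II", sect, 16, 16, 0x80)               # SizeOfRawData=16, PointerToRawData=0x80
    header = bytes(dos) + b"PE\0\0" + coff + bytes(sect)      # exactly 0x80 bytes
    body = header + b"\x90" * 16                              # section contents
    return body + b"OVERLAY!" + b"\0" * pad                   # small genuine overlay, then filler


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(4096)
    for key, value in overlay_report(blob).items():
        print(f"{key:>20}: {value}")
```

Run with no argument it reports on the constructed blob; given a path it reads that file instead, so pointing it at the real sample shows how much of the 800MB is filler and yields a hash that will match other copies of the same payload padded to a different size. The check deliberately ignores the PE checksum and certificate table, since inflated samples rarely keep either consistent.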

    Score
    10/10
    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
