Overview

overview

10

Static

static

3

updater.exe

windows7-x64

10

updater.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    updater.exe

  • Size

    5.0MB

  • Sample

    250212-rcscbavkhy

  • MD5

    0eb5d5bc68a30d4fa858a260c0607e20

  • SHA1

    edec0acf854acbce18471c2b6789cc503a0f0171

  • SHA256

    964ff006219ac3c428ecd794a7727c3d6e67e28b32380bf60ad9aaecaccbb496

  • SHA512

    74e810cc4efd231542654a2ce8c6cb9a1ce994c639ed53b5549ee58eed391652e8fe9b0c490651e2a45dc72f7bd8e835de119e5a061bd5651abdc4833ad52867

  • SSDEEP

    49152:IA4X4G8oYAuLzdgH0v7PyLi9SjUWjV7ywUG1l7hMEUhfROOtKnxivNTUKwCnRP59:IXX4GeHdgUjPynVJhnxowoY

Score
10/10
vidarcredential_accessdiscoverystealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Targets

    • Target

      updater.exe

    • Size

      5.0MB

    • MD5

      0eb5d5bc68a30d4fa858a260c0607e20

    • SHA1

      edec0acf854acbce18471c2b6789cc503a0f0171

    • SHA256

      964ff006219ac3c428ecd794a7727c3d6e67e28b32380bf60ad9aaecaccbb496

    • SHA512

      74e810cc4efd231542654a2ce8c6cb9a1ce994c639ed53b5549ee58eed391652e8fe9b0c490651e2a45dc72f7bd8e835de119e5a061bd5651abdc4833ad52867

    • SSDEEP

      49152:IA4X4G8oYAuLzdgH0v7PyLi9SjUWjV7ywUG1l7hMEUhfROOtKnxivNTUKwCnRP59:IXX4GeHdgUjPynVJhnxowoY

    Score
    10/10
    vidarcredential_accessdiscoverystealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks