Overview

overview

10

Static

static

3

2025-02-14...ch.exe

windows7-x64

10

2025-02-14...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-14_edf0361d7e1a2d06c573d78e7d7ecae2_frostygoop_poet-rat_snatch

  • Size

    5.0MB

  • Sample

    250214-2p23ds1kaz

  • MD5

    edf0361d7e1a2d06c573d78e7d7ecae2

  • SHA1

    31cc9ed6c7960c88f43c66f1508557edf0eb59b9

  • SHA256

    94bd396081819299ca6a97344515e7c7ee04fc0e398bb236157fd8c3451010e2

  • SHA512

    77f7bbb0e9bbb776fd5268768daea9bb55b35863da2eacb37f6c98330cc7655d115282baef96e540eaa04761550b717838fe2d5e01e5cede24a0f68c26f1c983

  • SSDEEP

    49152:f8vfqhpKxJrbfxV27axZ5jraplhgvK+cSV7jRyw6FoehTm7VNDPj1WfQ1ek1/:03McxFrTmaxkCv5jxq

Score
10/10
vidarcredential_accessdiscoverystealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Targets

    • Target

      2025-02-14_edf0361d7e1a2d06c573d78e7d7ecae2_frostygoop_poet-rat_snatch

    • Size

      5.0MB

    • MD5

      edf0361d7e1a2d06c573d78e7d7ecae2

    • SHA1

      31cc9ed6c7960c88f43c66f1508557edf0eb59b9

    • SHA256

      94bd396081819299ca6a97344515e7c7ee04fc0e398bb236157fd8c3451010e2

    • SHA512

      77f7bbb0e9bbb776fd5268768daea9bb55b35863da2eacb37f6c98330cc7655d115282baef96e540eaa04761550b717838fe2d5e01e5cede24a0f68c26f1c983

    • SSDEEP

      49152:f8vfqhpKxJrbfxV27axZ5jraplhgvK+cSV7jRyw6FoehTm7VNDPj1WfQ1ek1/:03McxFrTmaxkCv5jxq

    Score
    10/10
    vidarcredential_accessdiscoverystealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks