General

  • Target

    1.exe

  • Size

    1.5MB

  • Sample

    250219-yp2j3sxrcl

  • MD5

    efc2de49c53a388807ef989c2f6efa46

  • SHA1

    4ae5eeb4363c9f8b04bab4a1e40e4f057f74896c

  • SHA256

    1fed343aeac08b762cc565480913c8d0abfde1f3b18c79dc9e0a5133da903c46

  • SHA512

    3d4cdb9470c652edbf7b900f66b7885da903fe735d3fe08f7db6c7f082fe8c18630280dbb1b1476529135cb43ffd09b6247a798955e9e34456b3eb890c89f2b1

  • SSDEEP

    24576:dRrnyyHUF9Du6bbPJJ2sm5ChFzK8Pka0HEI1od8RbEYdmJl57BWBBkok4+i/Hjzw:dJvHku6iT5kK84Y8R7duWxk4+wHjzUBX

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15