General

  • Target

    crypted.exe

  • Size

    1.7MB

  • Sample

    250330-ng65gsxwgv

  • MD5

    175c9b6b2db3b3624f7df4c54dff3262

  • SHA1

    a96c038467d2d6ff0b95275a828948997b6987a3

  • SHA256

    5ce7687d00cc5cdc0b7575bc68940f7a092a1f559f987f3b6a9b0c837eaa6496

  • SHA512

    3d728ce053930f16c8debc087807b3eaadef3c9b21a452b49f13ce767b35b221e71b15db8c849fe71c7d0077d2c0ab31506762626622f87347c596260cddff34

  • SSDEEP

    24576:2iB4QbCAnGZPk/jhW2DQQ3iF2K8+2ntZ8oWyOpZwrlUR:2iB490ykrlUR

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

00cb84c6bd4caac4bdfc1131beae4df7

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

    • Target

      crypted.exe

    • Size

      1.7MB

    • MD5

      175c9b6b2db3b3624f7df4c54dff3262

    • SHA1

      a96c038467d2d6ff0b95275a828948997b6987a3

    • SHA256

      5ce7687d00cc5cdc0b7575bc68940f7a092a1f559f987f3b6a9b0c837eaa6496

    • SHA512

      3d728ce053930f16c8debc087807b3eaadef3c9b21a452b49f13ce767b35b221e71b15db8c849fe71c7d0077d2c0ab31506762626622f87347c596260cddff34

    • SSDEEP

      24576:2iB4QbCAnGZPk/jhW2DQQ3iF2K8+2ntZ8oWyOpZwrlUR:2iB490ykrlUR

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.