General

  • Target

    mnotpadppppp.exe

  • Size

    137KB

  • MD5

    eef0cf1e11cb3f28d745ea4147fc6d90

  • SHA1

    da5e2f874cde6c4e8fa39acc0b4006fe97030881

  • SHA256

    a4f6c7683dfaf5495456684359e73c8decdac1435ab742763ad1fe7260f775b9

  • SHA512

    0b79b6cc0bb84011b5d0b80251a83188682e057d58c9c700886eb482d491d4593b1891dcd840f3fefe164adefae9f3641e2f03372390efba926e12581df8789b

  • SSDEEP

    3072:aVvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8Qrqu:KH8RuRLlzgUd6a/Aslrqu

Malware Config (extracted)

  • Family

    vidar

  • Version

    13.3

  • Botnet

    23b8a0e48f77dc82cb41b2936121fd07

  • C2

    https://t.me/lw25chm

    https://steamcommunity.com/profiles/76561199839170361

  • Attributes

    user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • mnotpadppppp.exe
    .exe windows:6 windows x86 arch:x86

    351fbae162a7dacb0ecda3be35f09973
