General

  • Target

    SecuriteInfo.com.Win64.MalwareX-gen.28071.20029.exe

  • Size

    951KB

  • Sample

    250630-xc1lksep3z

  • MD5

    600623ba27769989d981904debcc3774

  • SHA1

    08b03982c2c7fe5b35f1379bca1e8832cb294764

  • SHA256

    5255d3c35b51e27e3a6104307edb6f32a1521f9892c4c8e7fb50ec97ff4dc7bd

  • SHA512

    42ede2b6dd77ab72afa1449e5bc2710c74e586c1468126814787c0b7ad6bfe69f6c0c58cc7b212594d217146c47c89af4f890464f726648ca9f0ea648a739328

  • SSDEEP

    12288:G6yQn1ME0VKFY8eoVEaXltnHGsdCBh46dV51satxZ7YT928nIpSm8satxZ7YT92l:puE0Vsb8ImfhRsatx428Issatx428I

Malware Config

Extracted

Family

vidar

Version

14.4

Botnet

5838abba2c7ca0756153b41aab8534b5

C2

https://t.me/q0l0o

https://steamcommunity.com/profiles/76561199872233764

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/137.0.0.0 Safari/537.36 OPR/122.0.0.0

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks