General
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.28071.20029.exe
-
Size
951KB
-
Sample
250630-xc1lksep3z
-
MD5
600623ba27769989d981904debcc3774
-
SHA1
08b03982c2c7fe5b35f1379bca1e8832cb294764
-
SHA256
5255d3c35b51e27e3a6104307edb6f32a1521f9892c4c8e7fb50ec97ff4dc7bd
-
SHA512
42ede2b6dd77ab72afa1449e5bc2710c74e586c1468126814787c0b7ad6bfe69f6c0c58cc7b212594d217146c47c89af4f890464f726648ca9f0ea648a739328
-
SSDEEP
12288:G6yQn1ME0VKFY8eoVEaXltnHGsdCBh46dV51satxZ7YT928nIpSm8satxZ7YT92l:puE0Vsb8ImfhRsatx428Issatx428I
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.MalwareX-gen.28071.20029.exe
Resource
win10v2004-20250619-en
Malware Config
Extracted
vidar
14.4
5838abba2c7ca0756153b41aab8534b5
https://t.me/q0l0o
https://steamcommunity.com/profiles/76561199872233764
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/137.0.0.0 Safari/537.36 OPR/122.0.0.0
Targets
-
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.28071.20029.exe
-
Size
951KB
-
MD5
600623ba27769989d981904debcc3774
-
SHA1
08b03982c2c7fe5b35f1379bca1e8832cb294764
-
SHA256
5255d3c35b51e27e3a6104307edb6f32a1521f9892c4c8e7fb50ec97ff4dc7bd
-
SHA512
42ede2b6dd77ab72afa1449e5bc2710c74e586c1468126814787c0b7ad6bfe69f6c0c58cc7b212594d217146c47c89af4f890464f726648ca9f0ea648a739328
-
SSDEEP
12288:G6yQn1ME0VKFY8eoVEaXltnHGsdCBh46dV51satxZ7YT928nIpSm8satxZ7YT92l:puE0Vsb8ImfhRsatx428Issatx428I
-
Detect Vidar Stealer
-
Vidar family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Modify Authentication Process
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
2Credentials In Files
2