General
-
Target
25e6a5e9b46814144bda0adff7e088742f2d974ff822ec931aac09ec8e3a3b14
-
Size
2.2MB
-
Sample
240701-bk6lxa1gpd
-
MD5
19ad09d3efb079eaf0231019ece5d3fb
-
SHA1
cdda0b9f18b388be6a4d33f687d687cb8238809a
-
SHA256
25e6a5e9b46814144bda0adff7e088742f2d974ff822ec931aac09ec8e3a3b14
-
SHA512
fb4b276b931e9993e7e7c325e14bb8be0369e5984c7e98e32a349150ed1a3ea5f74e75c78864f59c09a557bb7274cb515c4664cb1d957c66727bdbf9e03f5dac
-
SSDEEP
24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXXhU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPO21tuuIeNHYGY0LzjsJxK
Static task
static1
Behavioral task
behavioral1
Sample
25e6a5e9b46814144bda0adff7e088742f2d974ff822ec931aac09ec8e3a3b14.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
-
-
Target
25e6a5e9b46814144bda0adff7e088742f2d974ff822ec931aac09ec8e3a3b14
-
Size
2.2MB
-
MD5
19ad09d3efb079eaf0231019ece5d3fb
-
SHA1
cdda0b9f18b388be6a4d33f687d687cb8238809a
-
SHA256
25e6a5e9b46814144bda0adff7e088742f2d974ff822ec931aac09ec8e3a3b14
-
SHA512
fb4b276b931e9993e7e7c325e14bb8be0369e5984c7e98e32a349150ed1a3ea5f74e75c78864f59c09a557bb7274cb515c4664cb1d957c66727bdbf9e03f5dac
-
SSDEEP
24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXXhU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPO21tuuIeNHYGY0LzjsJxK
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-