General
-
Target
69ed9f426fdc328e89b0f5d4b70ef2d3d2c437f1732a34a41a7c086be9256c31
-
Size
2.2MB
-
Sample
240701-kc8kzavdkn
-
MD5
878bb8c36de5ec8e4a6da86ee36dee13
-
SHA1
998051011561fb8ea4a75cf8455eeaa4356516fd
-
SHA256
69ed9f426fdc328e89b0f5d4b70ef2d3d2c437f1732a34a41a7c086be9256c31
-
SHA512
75e93d452e14eaa860834eccc8744331d8732434bae95d6d68d07bc163a41f95ff8604e94e8fb57c218b7b31153451c41c265056b916016b67213b63dbcec52d
-
SSDEEP
24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXfeU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPl21tuuIeNHYGY0LzjsJxK
Malware Config
Extracted
vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
-
-
Target
69ed9f426fdc328e89b0f5d4b70ef2d3d2c437f1732a34a41a7c086be9256c31
-
Size
2.2MB
-
MD5
878bb8c36de5ec8e4a6da86ee36dee13
-
SHA1
998051011561fb8ea4a75cf8455eeaa4356516fd
-
SHA256
69ed9f426fdc328e89b0f5d4b70ef2d3d2c437f1732a34a41a7c086be9256c31
-
SHA512
75e93d452e14eaa860834eccc8744331d8732434bae95d6d68d07bc163a41f95ff8604e94e8fb57c218b7b31153451c41c265056b916016b67213b63dbcec52d
-
SSDEEP
24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXfeU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPl21tuuIeNHYGY0LzjsJxK
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-