General
Target: c5f20b0cb835adff91c281ba3e9995e3.bin
Size: 2.9MB
Sample: 240702-cbc4nswarm
MD5: 24178e2f2330267bddfc8e24c8713aab
SHA1: eaa4ea52bac900576557a7cb788f5e63c54765b0
SHA256: 8547b27fa35d4b4bb7d02cd3a7115df1b34b7030ceb27aabb762ec904b2a00d8
SHA512: d5c3e428709820d8db15dd124d4131fef65b78f9fd23a096f35b8f9d8240ec6138cbb3f15c9bd94f5914c6992c3a72aa13343dfcbd66c4fc624e8d331333a277
SSDEEP: 49152:zXNA93uqG1D8Iw7C6TzFzmdv08zsSBx2cCid975bBEHfggyONoeZtSYGXMlebBPB:zXND1aTzFy4rcCid9Q/g3OieZtSYGXAa
Static task: static1
Behavioral task: behavioral1
Sample: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
Resource: win7-20240611-en
Malware Config
Extracted: vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
Target: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
Size: 4.4MB
MD5: c5f20b0cb835adff91c281ba3e9995e3
SHA1: b7edfc4fb9befe9acf241e423741e27d68dfd832
SHA256: 416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
SHA512: 233587e39de30cfa0a9526fb041f9c9c70a1e7574e8bd8d934f7b795f3eff2a8aa8e98f20a7fcb06f00c85c233461d56bbabb4bba39c1ac4869839e3f0022678
SSDEEP: 49152:e+PcYB/o36ki63Hw4/uzcdl3ne2xAOVmmgZV099snm9pswB0Nq7:tPcYB/y6ki6PnuwT06sajB0Nq7
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext