General
-
Target
file.exe
-
Size
4.6MB
-
Sample
221014-rad2xadfbp
-
MD5
a3fe284028b602171040f75d543fdb41
-
SHA1
a84e13e12f796c9b8a245a84913435e3e32887ed
-
SHA256
e61234a0934d7955c0bafda460b8220f7012958415e05635d61d433a6e0c9006
-
SHA512
b1100bb9cc48120aa9b8e142aea0ee28886df49fdc5c879dbb24f53942c8faa0afeee7548c4922bda5c14024c05337e4c9edeeb53389eb42a494b1bb652e638b
-
SSDEEP
98304:ViDQT8ujHq4GoOkoPtwOhoQWujB7iKpTHHr4w2bYx/jL5o5s:jA2H3c1oipXyYx7
Malware Config
Extracted
vidar
55
1679
https://t.me/truewallets
https://mas.to/@zara99
http://116.203.10.3:80
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
4.6MB
-
MD5
a3fe284028b602171040f75d543fdb41
-
SHA1
a84e13e12f796c9b8a245a84913435e3e32887ed
-
SHA256
e61234a0934d7955c0bafda460b8220f7012958415e05635d61d433a6e0c9006
-
SHA512
b1100bb9cc48120aa9b8e142aea0ee28886df49fdc5c879dbb24f53942c8faa0afeee7548c4922bda5c14024c05337e4c9edeeb53389eb42a494b1bb652e638b
-
SSDEEP
98304:ViDQT8ujHq4GoOkoPtwOhoQWujB7iKpTHHr4w2bYx/jL5o5s:jA2H3c1oipXyYx7
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-