Overview

overview

10

Static

static

CA3 FreeSe...UP.exe

windows7-x64

10

CA3 FreeSe...UP.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CA3 FreeSetupFileV02 - Pa$$word 2022.zip

  • Size

    3.7MB

  • Sample

    221106-2k27laedc5

  • MD5

    7e7c9cf8c4ff51adf636b5033e1b115f

  • SHA1

    b981779379c4a7486175d552c0c922d5703136d5

  • SHA256

    97c6f4953821bac00793bae0579645aaadbe431c7e231b6443a86e8c890cdc63

  • SHA512

    892e6672aeeb91286b4032e20a6da85bc4aefa340c6fce4f28597b0873e1ece99f3299244155bdcb2b792fd7c553e32832afe384d0a1a6e5efcd66ff2c78f92e

  • SSDEEP

    98304:BNaO1zcZ+DYlSlS0rmj3W0hGSjGkKkPH6AK2FkeQaC2E72+qqZfuG:BNatBlMtrmHtRK2K29QB2b+5

Score
10/10
vidar1707stealer

Malware Config

Extracted

Family

vidar

Version

55.3

Botnet

1707

C2

https://t.me/slivetalks

https://c.im/@xinibin420
Attributes
  • profile_id

    1707

Targets

    • Target

      CA3 FreeSetupFileV02 - Pa$$word 2022/SetUP.exe

    • Size

      918.4MB

    • MD5

      a488674798590aed684cdc8c2fdd16ff

    • SHA1

      aae82c45080a258098cfa0fa66036c9dbbfac127

    • SHA256

      c1d4d437ff34ec90c2511201a6ad6565c5ce07243fcd58b03984a49e3828229a

    • SHA512

      6a8aa6d4a14219adcd4b67c05b3a5a49fe2ab26109cd68033fd6b413d459346bed4af91d657401e5d0d598b927312f491f2ddf262196e83f6be88df83b5a5c0f

    • SSDEEP

      98304:49aDr969NYW68s8FXbRMZoQV9/l82s5jzpDC/YC5v3nN0M86HKAQYKIIQRbtjnIK:VDr94qBlB/kdvau7F

    Score
    10/10
    vidar1707stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks