General
-
Target
Setup.exe
-
Size
4.0MB
-
Sample
221124-h97zlabf7y
-
MD5
93e9a7b6faee87dca18870bc840ba761
-
SHA1
7a8ba598eb6a7567e475a2d4827cd28da8780c9d
-
SHA256
9f47198b35478784b38b1094f82d96cb6d50c3edc4a0139ac4ccd9e822c86feb
-
SHA512
4f9f84cbb01c1997f7e5c91d588401ce5a4157a589dab3339a34097227714d4116b3e349155e598e245ee7dfea132eec89ebead2546ef0b3da5eb630280f24c0
-
SSDEEP
98304:U39zUF9aNgo9hfm3pBsdNhDYbSNkH3jNHtJ1DTzY0Djgz9Q:UxUOgulCzsZDYtXjNNrXcz9Q
Malware Config
Extracted
vidar
55.8
1364
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
-
profile_id
1364
Targets
-
-
Target
Setup.exe
-
Size
4.0MB
-
MD5
93e9a7b6faee87dca18870bc840ba761
-
SHA1
7a8ba598eb6a7567e475a2d4827cd28da8780c9d
-
SHA256
9f47198b35478784b38b1094f82d96cb6d50c3edc4a0139ac4ccd9e822c86feb
-
SHA512
4f9f84cbb01c1997f7e5c91d588401ce5a4157a589dab3339a34097227714d4116b3e349155e598e245ee7dfea132eec89ebead2546ef0b3da5eb630280f24c0
-
SSDEEP
98304:U39zUF9aNgo9hfm3pBsdNhDYbSNkH3jNHtJ1DTzY0Djgz9Q:UxUOgulCzsZDYtXjNNrXcz9Q
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-