General
-
Target
Mega_Setup_1234_PasS_O2b.rar
-
Size
5.8MB
-
Sample
221124-jza3jsdd31
-
MD5
6b6b4f79c1fdcdf1846fdaab31142436
-
SHA1
ed6b42e81307db23e6242c479e8b9f3fa53447b8
-
SHA256
eb7507564b36ed867c5269b50023f9d92f90f6bfa231d2147d95d396effc8e79
-
SHA512
c573b174373b9ff67b434848847f3a12a98c12fa8284b0f9bf82fb4bb9fd9abb7a19aa76b4996c0e46b5e0b6310beddd48cd27336fd6d083bdcc3e23ad1b7c30
-
SSDEEP
98304:igOsqtQ8WB4HadBFaiYq8v/OIfdvZ9cUNStbcO9lrJ/jhOkHMxuNw:ig/qm8WBagBFvh8d1nVStIO3V/1OkHMP
Malware Config
Extracted
vidar
55.8
1364
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
-
profile_id
1364
Targets
-
-
Target
Setup.exe
-
Size
402.4MB
-
MD5
6adcaa3e5c4f4e3032213c1fb3df7601
-
SHA1
c0244876355d6f78243bfff431c0291464294c76
-
SHA256
9a89f5cde589c87da99ada9d22a0007b4f831ad93165c0f8c3407193690549cb
-
SHA512
0062d487210d66eb1e3fa2688885749c7fb186fbdf3c287d53290ef07c93fc70da8162ab16c5a6930966ac2d14c3821cefbda2bd898e39dc27ac7907daaf4e03
-
SSDEEP
98304:acNazSSfyLzA5h3Y8VTnYgjs0QN6Xykq4phnp5S55nP7pvMQE+SmpW:V7zAjY8Vq6igjC5t9jpSmpW
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-