General
-
Target
Yuki_Setup_x64x32 bit.exe
-
Size
4.8MB
-
Sample
221205-hptlgaba4s
-
MD5
5a74e391a0ea185dfca07dc301cdcc1d
-
SHA1
786799284eb21c513d3f5c5248375275a987b87a
-
SHA256
e16ef87f4b5a00f88271531d4a527081f8a51299dee75eade76908b3f3e193ce
-
SHA512
89339eb5c7307cb2fc1b4759d3fa2dce95fa4a3783e0c920316a9bc8ce4be7648d650c1b0ef2af0187a9e74464dadcc88f04567f813b18d460a6d8852282f6de
-
SSDEEP
24576:GLI2WUQoOWUqHkMw1MvPOWAnURqoQJSRJWe:KI2UoYD+Yl9
Malware Config
Extracted
vidar
56
1325
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
-
profile_id
1325
Targets
-
-
Target
Yuki_Setup_x64x32 bit.exe
-
Size
4.8MB
-
MD5
5a74e391a0ea185dfca07dc301cdcc1d
-
SHA1
786799284eb21c513d3f5c5248375275a987b87a
-
SHA256
e16ef87f4b5a00f88271531d4a527081f8a51299dee75eade76908b3f3e193ce
-
SHA512
89339eb5c7307cb2fc1b4759d3fa2dce95fa4a3783e0c920316a9bc8ce4be7648d650c1b0ef2af0187a9e74464dadcc88f04567f813b18d460a6d8852282f6de
-
SSDEEP
24576:GLI2WUQoOWUqHkMw1MvPOWAnURqoQJSRJWe:KI2UoYD+Yl9
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-