General

  • Target: Open_New_Pass_1234_G4_Active.rar
  • Size: 5MB
  • Sample: 221220-qvjbpahf32
  • MD5: 6a8fddac3de8f8b18c3789d7455a506f
  • SHA1: af822992f28e35504d8185fa558094e297a749ee
  • SHA256: 8c5d344c77678fee2bf370d77313cd82a72442c4128ddfe9b4e32333e60116cd
  • SHA512: 51283d6699bc0089543843e4acaafc192a7ae9d1590ed2969414d350e29d0905644f9340cc7578003077c3325da1d27b9f1908a0eb53dacd362ff8fd1f1a5a60
  • SSDEEP: 98304:3HRXfqJpFNq+m0w83vbMTmf9whXXATb55+itpglc7UbDeEHkg:3xXfqJpF7wGvbMkWhXXAR9tp4zkg

Malware Config

Extracted

  • Family: vidar
  • Version: 55.9
  • Botnet: 1707
  • C2:
    https://t.me/headshotsonly
    https://steamcommunity.com/profiles/76561199436777531
  • Attributes: profile_id = 1707

Targets

    • Target: Setup.exe
    • Size: 402MB
    • MD5: 19e277683daaedb4b3942d3319d31e63
    • SHA1: c824286280d18372edbc5940aedea542b1eb0cd1
    • SHA256: b66d3f7fc15dce8aca5a8489ddb7135b2a49fc2e39653ae9ac8ac4f6ea815412
    • SHA512: 1568fcaf5a822634b2b8b1acf5d91f6b6e7288f2c8abb240211e071825449d987bb9ac4ef4f6ff78fa7dcf8e0860b1157e17a6f4929bb46a340dabe73c55eb73
    • SSDEEP: 98304:9I7ZAIHZKVhDVETi5MhW4BKqhd4PHWOI8qLukblj4LmyvdYqG11:90AYYVi5hkHatLukbt43v6qG

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Tactic columns present in the report (no technique entries are reproduced in this extract): Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.