General

  • Target

    ProgramFilesUpdate-main.zip

  • Size

    1.4MB

  • Sample

    230104-z1ep5adb4z

  • MD5

    da968dd87c625e46ee50a9b29167f070

  • SHA1

    b3e67a47a38a27cb1a9eb80685afacb4749a7e83

  • SHA256

    214f36aa4543731042e165fbf639beceaaf082a27c4d4872df688b22feba1c2b

  • SHA512

    e63d16b2c64b75cb92cc4de3cebb09ce40a14cc91c6e6e258fc30b1fd1ebfcbebe81609ba03cc1d667b45cec80f7dc6f041f7fc30d668c3b37d2c75d5105c2bf

  • SSDEEP

    24576:+t1lmhXukuakLxlYdoWiRwuy8FJigKq0/6cbH+rme4bbLbr9kfNVOEG9PE9Fk69c:+UhX2RjYh8ptObIZ4bbLbufNTGNIKMmJ

Malware Config

Extracted

Family

vidar

Version

1.8

Botnet

713

C2

https://t.me/year2023start

https://steamcommunity.com/profiles/76561199467421923

Attributes

  • profile_id

    713

Targets

    • Target

      setup.exe

    • Size

      687.1MB

    • MD5

      9e89bf23bcbacfd6785f04485f7185c1

    • SHA1

      d4e8ea4bdf9be9a6aa855ff408df6eabd0e16c4d

    • SHA256

      00f107d66b6536f35ab879b392ce8f623180180f078369f02f9fea6d0fc292c5

    • SHA512

      179d7d7595d65c3cade61affbf4d6b97870cddf00441a9501a3f87ef0745c017cbcd018c5715bca56d53ca041f822326619a982b0ba97013293ff01837e1f228

    • SSDEEP

      12288:aSnB2W+1MiSXn2gmDUsFqVhnDNLavmGi2Vq5:acJyY2goqVhDemGm

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6