General

  • Target

    SetupFileSoftware.zip

  • Size

    34.4MB

  • Sample

    230109-w4l2tsaf2v

  • MD5

    db11065a709b4313e41f516eebc85bcf

  • SHA1

    1642fca2dd39271b7b5a92056150c2e4ca2dc3c7

  • SHA256

    e19e24b6988b0ff530a7479dbf01da1d633a713b80878f475161eb58562a9e70

  • SHA512

    efe8275617b852dc037b83b672cd8dee6f2d55a2370034c9d2a36606fa30ecd670716837b32f218e98ed0121b2b8ffdc4dc493a3f53885de8700474b08397466

  • SSDEEP

    786432:J/RodIzaPEs7rWbm07N2mya5Et0DTnreJCYGMyq3sKF:lRoauMErWbRF544rqCYGMxv

Malware Config

Extracted

Family

vidar

Version

1.9

Botnet

751

C2

https://t.me/travelticketshop

https://steamcommunity.com/profiles/76561199469016299

Attributes

  • profile_id

    751

Targets

    • Target

      SetupFileSoftware/SetupFileSoftware.exe

    • Size

      819.4MB

    • MD5

      6169c33081a2a4bc10b7919a78ca971d

    • SHA1

      94a1ece56ca2110a232cfd4092da62d7ba57a1da

    • SHA256

      9aef8fdc5e0b17b200a92382229795afeda78f01f8e9cd99fcad147d7bb146c3

    • SHA512

      9a55a46a928ab1157f162c80e8c1c648e36d1a1d5e8b4b69eb2907cda7ea1cd9c54395ac5bc95753eb9f294146dfb90940416154e9bc5db25b9305a95b601d07

    • SSDEEP

      196608:FF8LwftnNw5RQ1bXFdyTjdK3svnOIaUOrQ1bXFd6:FektN7NXfyAsvUUrNXf6

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks