General
-
Target
setupfileapplication_v3.5.exe
-
Size
719.4MB
-
Sample
230124-zexzksfc9z
-
MD5
9166bb6eddddffdd50181010feccbdce
-
SHA1
abc3d0828b1658704ffc7aed1184622892a460b5
-
SHA256
76158b10a1015ceaaf37fa9bb1aa9a7ff4b7e366f6d833fcffbafd2904241833
-
SHA512
d00f7dbc1ddfcfc29d1b234b42708642f9e1f874c3c1f0aa54561482e5df20d8bb98080eec7ff09d6a9c621dcbe243e5d1a99499835c9f2a3164893abaef0d51
-
SSDEEP
12288:0QhQ2qIIkRx61KGXVCwlcAV7MpGxIZCdwDDx+6wNKMul0nQZpvMTM2qtI0qp/xPY:phQc61Y80c68T1q
Malware Config
Extracted
vidar
2.2
754
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
-
profile_id
754
Targets
-
-
Target
setupfileapplication_v3.5.exe
-
Size
719.4MB
-
MD5
9166bb6eddddffdd50181010feccbdce
-
SHA1
abc3d0828b1658704ffc7aed1184622892a460b5
-
SHA256
76158b10a1015ceaaf37fa9bb1aa9a7ff4b7e366f6d833fcffbafd2904241833
-
SHA512
d00f7dbc1ddfcfc29d1b234b42708642f9e1f874c3c1f0aa54561482e5df20d8bb98080eec7ff09d6a9c621dcbe243e5d1a99499835c9f2a3164893abaef0d51
-
SSDEEP
12288:0QhQ2qIIkRx61KGXVCwlcAV7MpGxIZCdwDDx+6wNKMul0nQZpvMTM2qtI0qp/xPY:phQc61Y80c68T1q
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-