Overview

overview

10

Static

static

VegasPro.exe

windows7-x64

10

VegasPro.exe

windows10-2004-x64

10

bin.dll

windows7-x64

1

bin.dll

windows10-2004-x64

1

file.dll

windows7-x64

1

file.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VegasPro.rar

  • Size

    7.4MB

  • Sample

    230128-bsp9wsfb3w

  • MD5

    3ee9b4339652bcf9e83c4a55e246351d

  • SHA1

    a36205aafa91526ecc8889907dcc382e3d516b17

  • SHA256

    91c4a998815597516526c9107a51d61d7f752d0769bc8588e0586dd3fb8ee4ea

  • SHA512

    e461a2193fecaa176bd6f4efa2793957e940285c6fdf4bd849fdc581f05641d541e071596664e7509cf8275644b2822b998a8070c740085452230f696ac001e3

  • SSDEEP

    196608:mpbBDjuKGsz9fVXvZVXymyiLUMPBhe+6qbDWZqCrlX:mpj9J7XCKUMPb6AgV

Score
10/10
vidar408evasionspywarestealertrojan

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815
Attributes
  • profile_id

    408

Targets

    • Target

      VegasPro.exe

    • Size

      761.7MB

    • MD5

      2d790e017dca09d3497e3fb7b597bf15

    • SHA1

      24c82259cca85078cf6cc865c8d3ee010f7ca20d

    • SHA256

      0e9c05d27daf16d65dc642939d8c99a4853da6abf314e6f6095676def1672a9a

    • SHA512

      3d50d41ca2fe69c15ceae8c8be760386e88c14b5cb8dee26fa0026a6a8047f72cb3b6e5436e21463480b0d9d67caf8486d969d79e567289113f89471292c1215

    • SSDEEP

      24576:RSZQda8QjZq75Hj9dF/HYSmMKjjBn2tjGVZB21WtSHjCP0/speVIuD9im0sXtrQA:g8EZqFpASKjj3e3nPdNHZ

    Score
    10/10
    vidar408evasionstealertrojanspyware

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      bin.dll

    • Size

      7KB

    • MD5

      d3b681d68824ea81f52c7d6b4a179da0

    • SHA1

      e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f

    • SHA256

      0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db

    • SHA512

      78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011

    • SSDEEP

      6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n

    Score
    1/10
    behavioral3behavioral4

    • Target

      file.dll

    • Size

      7KB

    • MD5

      d3b681d68824ea81f52c7d6b4a179da0

    • SHA1

      e944d64e8fb400d10f65dc0f1fc6c3ec01fbb16f

    • SHA256

      0985cefa256ac47b7298fb2f555c2087915b9682441487cd8171d5fe2c76c5db

    • SHA512

      78e6a4757e2cd851748fa7add9e1e9091b17979612c6a7c0989afcecde3076d5d9cf87d695baf7a86a205a338c83bc07013e0a8bf1673eb0a3b69493b8807011

    • SSDEEP

      6:qMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6:n

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks