General
-
Target
AdobePremiere2022.rar
-
Size
7.4MB
-
Sample
230129-sk7mmsdd21
-
MD5
690b48d44bdd1cb44888841954bfcd2b
-
SHA1
ef66342ac46b316d0ca2e99170f4496df591a290
-
SHA256
c579b3b416b609bbabae85e2074e408f1e7f3071353c2f42bd826c90c04d7e8b
-
SHA512
949f35f129ff999e04e11c06c35a58fa6c4da6a4cf206344eb5c44cc62786f44c937a98ba6b51437525fdb09df5d9af1fac3e62263ddac775f522151bdff642a
-
SSDEEP
196608:FuGA5SLImLt01XD2A8IZ7lHPQLxyD8FW/prn5wjN4RhftNfT6Rjy:8CnC1PdG1OQW/JkN4rt9eG
Malware Config
Extracted
vidar
2.2
408
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
-
profile_id
408
Targets
-
-
Target
AdobePremiere2022.exe
-
Size
761.7MB
-
MD5
2d790e017dca09d3497e3fb7b597bf15
-
SHA1
24c82259cca85078cf6cc865c8d3ee010f7ca20d
-
SHA256
0e9c05d27daf16d65dc642939d8c99a4853da6abf314e6f6095676def1672a9a
-
SHA512
3d50d41ca2fe69c15ceae8c8be760386e88c14b5cb8dee26fa0026a6a8047f72cb3b6e5436e21463480b0d9d67caf8486d969d79e567289113f89471292c1215
-
SSDEEP
24576:RSZQda8QjZq75Hj9dF/HYSmMKjjBn2tjGVZB21WtSHjCP0/speVIuD9im0sXtrQA:g8EZqFpASKjj3e3nPdNHZ
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-