General

  • Target

    TotalCommander2022Full.rar

  • Size

    8.1MB

  • Sample

    230131-tzkbbsha89

  • MD5

    806606daf90cf26675722769ee7755f6

  • SHA1

    ccdd5861a8f6ad2660913478b100b152d48f57cf

  • SHA256

    47b2e848bce7e03aa824bf75688c43b452363aa9190231fbc2122504650d7b58

  • SHA512

    a8cc9a37750312e3ede3920dfdc843fdae83658bdb3d5492b66a94111fa9ecd7bef9ab77affc2996844e02272ef7d55b9a223954ea0ca845793163076d673bcb

  • SSDEEP

    196608:27D3d1YH1zZvnBKXpGIyDqpR4as8bkxsVx024lzR1TrEcWHR:+dQnBKXo5aR4asnxsjs1R1T4cWHR

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

408

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes
  • profile_id

    408
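Both C2 entries are public profile pages rather than attacker-hosted servers: the real C2 is embedded in the profile text, and the stealer fetches the page and parses it out (a dead-drop resolver). The following Python is an added example, not code from the sample or the sandbox; the element markers and the two sample pages are assumptions/constructed, with RFC 5737 documentation addresses standing in for real endpoints.

```python
"""Resolve a Vidar-style dead drop: pull the real C2 out of a public profile page.

Added example. The element markers below are assumptions about the page layout;
the sample HTML is constructed and carries RFC 5737 documentation addresses.
"""
import re
from html.parser import HTMLParser

# Assumed markers: where the attacker-controlled text sits in each page.
PROFILE_MARKERS = {
    "steam": "actual_persona_name",       # Steam profile display name
    "telegram": "tgme_page_description",  # Telegram channel description
}
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HOSTPORT_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")


class _TextOfClass(HTMLParser):
    """Collect the text inside every element whose class list contains `wanted`."""

    def __init__(self, wanted):
        super().__init__()
        self.wanted = wanted
        self.depth = 0       # >0 while inside a matching element
        self.hits = []
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            if self.depth and tag == "br":
                self._buf.append("\n")   # keep line structure across <br>
            return
        classes = (dict(attrs).get("class") or "").split()
        if self.depth:
            self.depth += 1
        elif self.wanted in classes:
            self.depth = 1
            self._buf = []

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self.depth:
            return
        self.depth -= 1
        if self.depth == 0:
            self.hits.append("".join(self._buf).strip())

    def handle_data(self, data):
        if self.depth:
            self._buf.append(data)


def candidate_c2(text):
    """First token in `text` that looks like a C2 endpoint (URL first, then host:port)."""
    m = URL_RE.search(text) or HOSTPORT_RE.search(text)
    return m.group(0) if m else None


def resolve_dead_drop(html, source):
    """Return the C2 embedded in a fetched profile page, or None if nothing matches."""
    parser = _TextOfClass(PROFILE_MARKERS[source])
    parser.feed(html)
    for text in parser.hits:
        c2 = candidate_c2(text)
        if c2:
            return c2
    return None


# Constructed pages standing in for the two dead drops listed under C2.
STEAM_SAMPLE = """<html><body><div class="profile_header_centered_persona">
  <span class="actual_persona_name">http://198.51.100.7/</span>
  <span class="header_real_name">&nbsp;</span></div></body></html>"""

TELEGRAM_SAMPLE = """<html><body><div class="tgme_page_description">
  notes<br>203.0.113.5:80</div></body></html>"""

if __name__ == "__main__":
    print("steam    ->", resolve_dead_drop(STEAM_SAMPLE, "steam"))
    print("telegram ->", resolve_dead_drop(TELEGRAM_SAMPLE, "telegram"))
```

When run against live pages, fetch them with a client that does not follow the profile's own links, and treat the extracted endpoint as an IOC to pivot on: the profile page itself rotates, so the resolved address is the value worth blocking.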

Targets

    • Target

      Setup.exe

    • Size

      761.7MB

    • MD5

      2786a1cb2ef300ab50b38898aef30bec

    • SHA1

      8df405d182592678171bc02a8d6221f2b7f4c2e7

    • SHA256

      2375f62c58ecbbffca5f650e09294148932ac370db8212d7e6caa03a3d0f9b11

    • SHA512

      9856cbea73d680731da529b530a3c482c9a3141cc68ca46bc58fc8b556c049fd7e2d3464b9e1aba3edf094e01830ab6ae85f1385c51814dc4c87600f3637e58e

    • SSDEEP

      24576:aIyFqmTcQ8bBWeSrrOjXBtEdqdu75vXp08cT1RE8Ka/GYg6dK5eg6Xr1fEPvk5uM:a7B/+BSKKZ5q1oAV

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext (commonly seen when a payload is injected into a freshly created process, e.g. process hollowing)
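Setup.exe is reported at 761.7MB while the RAR that carried it is 8.1MB, a ratio consistent with a payload inflated by a long run of identical bytes to push it past size limits on scanners and sandbox uploaders. The following Python is an added example (not the page's or the sandbox's code) that measures the trailing run, reports how compressible the tail is, and hashes the file with the padding stripped; the 50% threshold and the embedded sample bytes are assumptions/constructed.

```python
"""Measure and strip inflation padding on a dropped binary.

Added example. The 50% threshold is an assumption; the sample bytes are constructed.
"""
import hashlib
import zlib
from typing import Optional


def trailing_run_length(data: bytes, fill: Optional[int] = None) -> int:
    """Length of the run of `fill` bytes at the end of `data`; `fill` defaults to the last byte."""
    if not data:
        return 0
    if fill is None:
        fill = data[-1]
    return len(data) - len(data.rstrip(bytes([fill])))


def strip_padding(data: bytes, fill: Optional[int] = None) -> bytes:
    """`data` without its trailing padding run (the bytes you would hash and submit)."""
    return data[: len(data) - trailing_run_length(data, fill)]


def padding_report(data: bytes, fill: Optional[int] = None, tail_sample: int = 1 << 20) -> dict:
    """Summarise how much of `data` is padding and how the hash changes once it is removed."""
    pad = trailing_run_length(data, fill)
    core = data[: len(data) - pad]
    tail = data[-tail_sample:] if data else b""
    # A padded tail compresses to almost nothing; real code/data does not.
    tail_ratio = len(zlib.compress(tail)) / len(tail) if tail else 1.0
    fraction = pad / len(data) if data else 0.0
    return {
        "size": len(data),
        "padding_bytes": pad,
        "padding_fraction": fraction,
        "tail_compression_ratio": tail_ratio,
        "full_sha256": hashlib.sha256(data).hexdigest(),
        "core_sha256": hashlib.sha256(core).hexdigest(),
        "likely_inflated": fraction > 0.5,   # threshold is an assumption
    }


# Constructed stand-in: a small "payload" followed by a long filler run.
PAYLOAD = b"MZ" + bytes(range(256)) * 64
SAMPLE_ZERO_PADDED = PAYLOAD + b"\x00" * 200_000
SAMPLE_CC_PADDED = PAYLOAD + b"\xcc" * 50_000    # non-zero filler, autodetected from the last byte

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ZERO_PADDED
    for key, value in padding_report(data).items():
        print(f"{key:24} {value}")
```

The stripped-file hash is what to search for once the padding is removed, since the padded hash changes with every rebuild of the filler; a tail that still compresses poorly means the filler is not a single repeated byte and this check alone will not fire.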

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                        Matches  ID
  Defense Evasion     Virtualization/Sandbox Evasion   1        T1497
  Credential Access   Credentials in Files             2        T1081
  Discovery           Query Registry                   3        T1012
  Discovery           Virtualization/Sandbox Evasion   1        T1497
  Discovery           System Information Discovery     3        T1082
  Collection          Data from Local System           2        T1005
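The Discovery rows above (Query Registry, System Information Discovery, Virtualization/Sandbox Evasion) correspond to the ACPI, BIOS and UAC registry reads in the signature list. The Python below is an added example for checking whether an analysis VM exposes those artefacts; it is not the sample's or the sandbox vendor's code, and the registry paths are the conventional locations for this data (an assumption, since the report does not list the keys the sample reads). The snapshots are constructed; read_live_snapshot() requires Windows.

```python
"""Check an analysis VM for the registry artefacts these anti-VM signatures look for.

Added example. Paths are the usual locations for this data (assumption);
snapshots are constructed; read_live_snapshot() needs Windows.
"""
import re

# HKLM-relative paths (assumption: the conventional locations for this data).
ACPI_TABLE_KEYS = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]
BIOS_VALUES = [
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
UAC_KEY, UAC_VALUE = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"
VM_MARKERS = re.compile(r"vbox|virtualbox|innotek|vmware|qemu|bochs|xen|hyper-v|virtual", re.I)


def _as_text(value):
    # REG_MULTI_SZ comes back as a list; flatten everything to one string.
    return " ".join(map(str, value)) if isinstance(value, (list, tuple)) else str(value)


def vm_markers(snapshot):
    """Return (check, location, matched text) for every VM-revealing artefact in `snapshot`.

    snapshot: {key_path: {"__subkeys__": [...], value_name: value, ...}} relative to HKLM.
    """
    findings = []
    for key in ACPI_TABLE_KEYS:
        for sub in snapshot.get(key, {}).get("__subkeys__", []):
            if VM_MARKERS.search(sub):
                findings.append(("acpi", key + "\\" + sub, sub))
    for key, name in BIOS_VALUES:
        value = snapshot.get(key, {}).get(name)
        if value is not None and VM_MARKERS.search(_as_text(value)):
            findings.append(("bios", key + "\\" + name, _as_text(value)))
    return findings


def uac_enabled(snapshot):
    """True/False from EnableLUA, or None when the value is absent."""
    value = snapshot.get(UAC_KEY, {}).get(UAC_VALUE)
    return None if value is None else value == 1


def read_live_snapshot():
    """Build the same snapshot structure from the running machine (Windows only)."""
    import winreg
    snap = {}
    for key in ACPI_TABLE_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                subs, i = [], 0
                while True:
                    try:
                        subs.append(winreg.EnumKey(k, i))
                        i += 1
                    except OSError:
                        break
                snap[key] = {"__subkeys__": subs}
        except OSError:
            pass
    for key, name in BIOS_VALUES + [(UAC_KEY, UAC_VALUE)]:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                snap.setdefault(key, {})[name] = winreg.QueryValueEx(k, name)[0]
        except OSError:
            pass
    return snap


# Constructed snapshots: a stock VirtualBox guest and a physical/hardened host.
VBOX_SNAPSHOT = {
    r"HARDWARE\ACPI\DSDT": {"__subkeys__": ["VBOX__"]},
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1"],
    },
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"},
    UAC_KEY: {UAC_VALUE: 1},
}
CLEAN_SNAPSHOT = {
    r"HARDWARE\ACPI\DSDT": {"__subkeys__": ["DELL__"]},
    r"HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["DELL   - 1072009"]},
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "OptiPlex 7090"},
    UAC_KEY: {UAC_VALUE: 0},
}

if __name__ == "__main__":
    for hit in vm_markers(VBOX_SNAPSHOT):
        print("VM artefact:", hit)
    print("UAC enabled:", uac_enabled(VBOX_SNAPSHOT))
```

Run `vm_markers(read_live_snapshot())` on the analysis guest before detonating: every finding is a string the sample can read with a plain registry query, and an empty result is the bar a hardened VM should clear.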
