General

  • Target

    Os_Editorx64_win7-8-10-11.zip

  • Size

    73.1MB

  • Sample

    230201-xvjqsabd79

  • MD5

    3ccf8d10cc7200830f1928c21d644f2c

  • SHA1

    1e64f04b4a0df39e02a1335b9b15b6051abbb25a

  • SHA256

    25caf0e888be72469639d2000ac57fdf6aae85103e0f65b36fcfa0d1d6920afb

  • SHA512

    1df8e736ddf406738ac6666291e858b8967f01dee934f63dd524cc865b50a60dc513cbd7e08feb4075bff52ca595527fd2dc2b4070599557886d0f73e7d847a8

  • SSDEEP

    1572864:yoxKopPKs03Yoq7Py0EuXJCIVB4k1RPmSVhJnEUkF43Yy:yoxKopPKs03bq203JCIvT1dmSBnCWL

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

837

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Note: for Vidar these two URLs are dead-drop resolvers, not the command server itself. The sample fetches the Telegram channel page and the Steam profile page and parses the live C2 address out of them, which lets the operator rotate the real C2 without rebuilding the binary. Block or monitor both URLs, but expect the actual check-in and exfiltration host to be a different address.
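Because the Telegram channel and the Steam profile above are dead-drop resolvers, an analyst can obtain the live C2 without detonating the sample by replicating the resolution step. The Python below is added here as an illustration and is not the sample's own code nor the sandbox's: it extracts candidate C2 addresses from the persona-name field of a Steam profile page and from the og:title/og:description tags of a Telegram preview page. The HTML bodies are constructed for the example (they are not fetches of the profiles listed in this report), the addresses in them are RFC 5737 documentation placeholders, and the choice of which page fields the malware reads follows public Vidar write-ups rather than anything stated on this page.

```python
import re
from html import unescape

# Constructed pages for the example: they are NOT fetched copies of the
# profiles listed in the report. Where the address sits (Steam persona name,
# Telegram channel title/description) follows public Vidar write-ups and is an
# assumption here; the addresses are RFC 5737 documentation ranges.
STEAM_HTML = """<html><head><title>Steam Community :: http://203.0.113.10:80|</title></head>
<body><div class="profile_header_centered_persona">
<span class="actual_persona_name">http://203.0.113.10:80|</span>
</div></body></html>"""

TELEGRAM_HTML = """<html><head>
<meta property="og:title" content="litlebey">
<meta property="og:description" content="http://198.51.100.7/|">
</head></html>"""

# Scheme, host (IP or name) and optional port; the trailing "|" delimiter and
# any path are deliberately left out of the capture.
C2_RE = re.compile(r"https?://[0-9A-Za-z.\-]+(?::\d{1,5})?")


def _fields(html, patterns):
    """Yield the decoded text of every field matched by one of the patterns."""
    for pat in patterns:
        for m in re.finditer(pat, html, re.S):
            yield unescape(m.group(1)).strip()


def resolve_steam(html):
    """Candidate C2s from the persona name shown on a Steam profile page."""
    fields = _fields(html, [r'class="actual_persona_name">(.*?)</span>'])
    return [c2 for f in fields for c2 in C2_RE.findall(f)]


def resolve_telegram(html):
    """Candidate C2s from the title/description of a t.me preview page."""
    fields = _fields(html, [r'property="og:title"\s+content="(.*?)"',
                            r'property="og:description"\s+content="(.*?)"'])
    return [c2 for f in fields for c2 in C2_RE.findall(f)]


def resolve_dead_drops(pages):
    """pages maps dead-drop URL -> page body. Returns unique C2s in order."""
    out = []
    for url, html in pages.items():
        if "steamcommunity.com/" in url:
            found = resolve_steam(html)
        elif "t.me/" in url:
            found = resolve_telegram(html)
        else:
            found = []  # unknown resolver type: do not guess at a layout
        out.extend(c for c in found if c not in out)
    return out


if __name__ == "__main__":
    # The two keys are the report's C2 entries; the bodies are the constructed
    # samples above, not live fetches.
    pages = {
        "https://t.me/litlebey": TELEGRAM_HTML,
        "https://steamcommunity.com/profiles/76561199472399815": STEAM_HTML,
    }
    for c2 in resolve_dead_drops(pages):
        print("candidate C2:", c2)
```

The parser deliberately refuses to guess for a resolver type it does not recognise, and it strips the trailing "|" delimiter and any path so that the same host is not reported twice under two spellings. In practice the persona name or channel description changes as the operator rotates infrastructure, so the extracted address should be treated as valid only at the time the page was retrieved.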

Attributes
  • profile_id

    837

Targets

    • Target

      Os_Editorx64_win7-8-10-11.exe

    • Size

      319.0MB (inside a 73.1MB archive: a compression ratio this high usually means the binary is padded with repetitive filler bytes so that it exceeds the file-size limits of scanners and sandboxes)

    • MD5

      cfc67715228aeff0bb92357d11bc3ce7

    • SHA1

      f8b664c669dcf720a33630462c6eaad31c415fd4

    • SHA256

      48a2f6dab127b5f79ca8293a19f14ffafabd0491e4a570b94b8a52807af5bcb2

    • SHA512

      cc21566a400002c6746c4519bae1a54def69bfbbf290bacee783b8c28687ba09973bd5c0063694b02df152a392b6273d243760397796a74b6ce33c8b4593f796

    • SSDEEP

      49152:QHuWBLVl5J4EUknv4QjU/5f5gB0dDKoXQo5xbhsJ8klAKjJWWnwn87fHhTjUNjHZ:QOUggv4QjsLzVKop85doKS87K5

    • Detect PureCrypter injector

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Vidar

      Vidar is an infostealer derived from the Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so that the stealer does not run on machines in excluded regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to build a list of the software installed on the system.

    • Suspicious use of SetThreadContext

      Setting the context of another thread is a common step in injection techniques such as process hollowing, where the entry point of a suspended process is redirected to injected code. Together with the PureCrypter injector detection above, this is consistent with the loader stage handing control to the Vidar payload inside a host process.
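The behaviour list above is what a sandbox produces by matching the sample's registry and file-access events against rules. As an added illustration (not Tria.ge's signatures nor Vidar's code), the Python below encodes the five host-activity behaviours in that list as rules and runs them over a constructed event log, flagging a process only when several distinct behaviours co-occur. The event format, the process IDs and file paths, the registry value assumed for the location check (Control Panel\International\Geo\Nation) and the wallet and 2FA application names are all assumptions chosen for the example, not values taken from this report.

```python
import re
from collections import defaultdict

# Constructed sandbox events in a minimal "pid|operation|target" layout; this
# is not real Tria.ge output. PID 1234 stands in for the unpacked stealer,
# PID 5678 for an unrelated benign process. The paths and registry values are
# assumptions chosen to exercise each rule.
EVENTS = """\
1234|RegQueryValue|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
1234|RegEnumKey|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|RegEnumKey|HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|FileRead|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1234|FileRead|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies
1234|FileRead|C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd.default\\logins.json
1234|FileRead|C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
1234|FileRead|C:\\Users\\victim\\AppData\\Roaming\\Authy Desktop\\Local Storage\\leveldb\\000003.log
5678|RegQueryValue|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden
5678|FileRead|C:\\Users\\victim\\Documents\\notes.txt
"""

# (behaviour name, operation prefix, target pattern). The names mirror the
# report's behaviour labels; the patterns are this example's own choices.
RULES = [
    ("Checks computer location settings", "Reg",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "Reg",
     re.compile(r"\\CurrentVersion\\Uninstall$", re.I)),
    ("Reads user/profile data of web browsers", "File",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Accesses 2FA software files", "File",
     re.compile(r"\\Authy Desktop\\", re.I)),
    ("Accesses cryptocurrency files/wallets", "File",
     re.compile(r"\\(Exodus|Electrum|Ethereum)\\", re.I)),
]


def parse_events(text):
    """Yield (pid, operation, target) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            pid, op, target = line.split("|", 2)
            yield int(pid), op, target


def classify(text):
    """Map pid -> {behaviour: [matching targets]} for every rule that fires."""
    hits = defaultdict(dict)
    for pid, op, target in parse_events(text):
        for name, op_prefix, pattern in RULES:
            if op.startswith(op_prefix) and pattern.search(target):
                hits[pid].setdefault(name, []).append(target)
    return dict(hits)


def triage(text, min_behaviours=3):
    """PIDs showing at least min_behaviours distinct stealer behaviours.

    A single rule (the Uninstall enumeration in particular) fires on plenty
    of benign software; the combination is what makes the verdict, so the
    threshold counts distinct behaviours rather than raw events.
    """
    return sorted(pid for pid, b in classify(text).items()
                  if len(b) >= min_behaviours)


if __name__ == "__main__":
    for pid, behaviours in classify(EVENTS).items():
        for name, targets in behaviours.items():
            print(f"{pid}: {name} ({len(targets)} hit(s))")
    print("flagged:", triage(EVENTS))
```

Run stand-alone, the script attributes all five behaviours to PID 1234 and nothing to PID 5678, and only 1234 clears the threshold. The same structure works against real sandbox or EDR telemetry once parse_events is swapped for the product's own event schema.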

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count  ID
  Credential Access   Credentials in Files           3      T1081
  Discovery           Query Registry                 3      T1012
  Discovery           System Information Discovery   3      T1082
  Collection          Data from Local System         3      T1005

Note: the matrix uses ATT&CK v6 identifiers. T1081 was deprecated with the sub-technique restructuring in ATT&CK v7 and now maps to T1552.001 (Unsecured Credentials: Credentials In Files); T1012, T1082 and T1005 are unchanged in current versions.

Tasks