Overview

overview

10

Static

static

1

Setup.7z

windows7-x64

3

Setup.7z

windows10-2004-x64

3

Setup/Application.exe

windows7-x64

10

Setup/Application.exe

windows10-2004-x64

10

Setup/Locales/ca.pak

windows7-x64

3

Setup/Locales/ca.pak

windows10-2004-x64

3

Setup/Locales/cs.pak

windows7-x64

3

Setup/Locales/cs.pak

windows10-2004-x64

3

Setup/Locales/da.pak

windows7-x64

3

Setup/Locales/da.pak

windows10-2004-x64

3

Setup/Locales/de.pak

windows7-x64

3

Setup/Locales/de.pak

windows10-2004-x64

3

Setup/Loca...GB.pak

windows7-x64

3

Setup/Loca...GB.pak

windows10-2004-x64

3

Setup/Loca...US.pak

windows7-x64

3

Setup/Loca...US.pak

windows10-2004-x64

3

Setup/Loca...19.pak

windows7-x64

3

Setup/Loca...19.pak

windows10-2004-x64

3

Setup/Locales/es.pak

windows7-x64

3

Setup/Locales/es.pak

windows10-2004-x64

3

Setup/Locales/et.pak

windows7-x64

3

Setup/Locales/et.pak

windows10-2004-x64

3

Setup/Locales/fi.pak

windows7-x64

3

Setup/Locales/fi.pak

windows10-2004-x64

3

Setup/Locales/fil.pak

windows7-x64

3

Setup/Locales/fil.pak

windows10-2004-x64

3

Setup/Locales/fr.pak

windows7-x64

3

Setup/Locales/fr.pak

windows10-2004-x64

3

Setup/Locales/he.pak

windows7-x64

3

Setup/Locales/he.pak

windows10-2004-x64

3

Setup/Locales/hr.pak

windows7-x64

3

Setup/Locales/hr.pak

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.rar

  • Size

    6.7MB

  • Sample

    230204-zzq2rsef55

  • MD5

    fcedea00be689e2af3ae1043242e5077

  • SHA1

    db509baceeb7610c165b4d5042bb7ea562eb1620

  • SHA256

    eb4a7d75e1661dc1d9e158317a788eaf1c280da115c0c78662d0cba514b1e59b

  • SHA512

    3d4578cb24e5abc9959c2579c3b405358e7e7a664d418ccd844fce7af8a6f1bbd6cfd9cce69a0e43c0513e7cfc2c8f545a1545ea425595377534dae840b13656

  • SSDEEP

    196608:PYWdEDom53foHJix3r7ZVVwkNynwYWdElomWmfoH39ZVdwkx:PYXv1f+ox3rVjRDYXl5f+3zrRx

Score
10/10
vidar408spywarestealerupx

Malware Config

Extracted

Family

vidar

Version

2.3

Botnet

408

C2

https://t.me/mantarlars

https://steamcommunity.com/profiles/76561199474840123
Attributes
  • profile_id

    408

Targets

    • Target

      Setup.rar

    • Size

      6.7MB

    • MD5

      fcedea00be689e2af3ae1043242e5077

    • SHA1

      db509baceeb7610c165b4d5042bb7ea562eb1620

    • SHA256

      eb4a7d75e1661dc1d9e158317a788eaf1c280da115c0c78662d0cba514b1e59b

    • SHA512

      3d4578cb24e5abc9959c2579c3b405358e7e7a664d418ccd844fce7af8a6f1bbd6cfd9cce69a0e43c0513e7cfc2c8f545a1545ea425595377534dae840b13656

    • SSDEEP

      196608:PYWdEDom53foHJix3r7ZVVwkNynwYWdElomWmfoH39ZVdwkx:PYXv1f+ox3rVjRDYXl5f+3zrRx

    Score
    3/10
    behavioral1behavioral2

    • Target

      Setup/Application.exe

    • Size

      761.7MB

    • MD5

      e9b86872f7ccb57f84737364128b7cc9

    • SHA1

      cc4edb90af92ae6b3e3122e6c3f35ed8f2b6d895

    • SHA256

      3a87f4c5773d261302d59628ecd88ef4de554c5d8ff90bdc0876c2d780779ddf

    • SHA512

      863e31eed9e359b89d121d5730a1350c37c757d1e3ae3f1fdfcc2d67a56eb6c5a19610a6234025530376f22c2a5c4f7d8bb329f276f95f753a2c15a46379e393

    • SSDEEP

      12288:Dudb7OgMxQ0Q2hxPSmIcqMvqYUtirJuD1mK3h1fNQ:S9n70Q2hZSmIcq6qjTb3/NQ

    Score
    10/10
    vidar408spywarestealerupx

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      Setup/Locales/ca.pak

    • Size

      319KB

    • MD5

      d8f581d4b51456a5a35441c92f4472d9

    • SHA1

      2c4efb6763957ca04db317c06147d37ea819f869

    • SHA256

      e33c02b937c56ea5e9e9859516aea5c54ac4af7cbe188a6f17e9d3e8f282516f

    • SHA512

      f9433d12bef2dac4c8813136237c2760cfcae87099368c8bc2447f54b73880cd2f29676edb588b7e5f7d569877fdda290939d8997d2b4c66fc9b3b032284981c

    • SSDEEP

      6144:OPe5SiatVLURCwR/PJsi8v5MGsDk+O/muls3Vx3ECSZ3n4eZQlrmwwVPMLLbcRBo:OP2SNVLURCwR/PJsi8v5MGsDk+O/muly

    Score
    3/10
    behavioral5behavioral6

    • Target

      Setup/Locales/cs.pak

    • Size

      327KB

    • MD5

      2a0cf0a8a2a45da8cc44adf47bbe5cba

    • SHA1

      f29e257d23cf5a7e881be277cf0b3ae3b59742e1

    • SHA256

      b3977c1243ff03a035fbe859c1aa9a44c243283c17601979823fa59c229ea2fe

    • SHA512

      073bba4a62617dc5f6a3d1dd874451fbde5ba08e7a09a2935d1b772031db8b5be10b9f47a099076acf3cd1a29bcd4ceb6116755cdb3240f44fa94c9244a9b5b2

    • SSDEEP

      6144:Ght+SgKAwa5QlAozP15ym//lDJ/V8QRsm:mJPAwaGvP15ym3lDlj

    Score
    3/10
    behavioral7behavioral8

    • Target

      Setup/Locales/da.pak

    • Size

      297KB

    • MD5

      e937a36e7f898438dc93fb4a863e4075

    • SHA1

      7aeba27fa3c227b2eb4a96ffc8f6316ba10214c6

    • SHA256

      733ed8cd18a767af16cbb233f67497215d950114525d814b9bc09a87594878df

    • SHA512

      c3aee3822891dd0f317e240fc490ad8ec57f5aae7a54ef37d16b247b782fb7aeaff55b4928e1b3e957c7ff0542368a71b5c9bb7003b12c2eaa37dd80d458167c

    • SSDEEP

      6144:t98EnUeoE5JvKq+xLOmwUKJJDe26swU1L0F5+AzO2F61zZhip:nFib2453

    Score
    3/10
    behavioral10behavioral9

    • Target

      Setup/Locales/de.pak

    • Size

      326KB

    • MD5

      14f8f2f240b301d114f5b4e4ab5b8e0a

    • SHA1

      0bcb1d2615e33eade38b2e3363abc1dea1151755

    • SHA256

      f4d2c292d2ffc4e75e1064f1829db1d8d4d13a3d96aa3548b9bbebdde338f9b5

    • SHA512

      05f86eb4dad977778ae4ab4f748e0798aa20464c68afdc86cebed8e485a0b8456549a6a3d0cfb12bbaea42178d9d5bd89968d4d8eef3887df1e172f4feecc993

    • SSDEEP

      6144:F9KU5i98V9o/k00+gQF9TMqgxO6H/XphwlL5mq2URSgq:d5ii9o/k00iF9IHJ/X25qOSgq

    Score
    3/10
    behavioral11behavioral12

    • Target

      Setup/Locales/en-GB.pak

    • Size

      260KB

    • MD5

      ff3c0eb20df6eadc21b631dab4c325a8

    • SHA1

      0da2745f1a938d4a2bf136c2210992893ab89481

    • SHA256

      8b3a34638c29a34ac1dab1e9bf497e24206842dfe43ca691698016da432420a7

    • SHA512

      d77c3486568936bf47a2194d99afc55e5fbdeb8f7128fada56030cb8bc996e91906a03fad6126ac852ad23287f98d285f82d9319c49e59ce24625c61bc1bb059

    • SSDEEP

      6144:8adsdJuwP8bWX8qmMz9etivEfaYpk86xbx5WbTek:8bdJjFslMPv986z57k

    Score
    3/10
    behavioral13behavioral14

    • Target

      Setup/Locales/en-US.pak

    • Size

      264KB

    • MD5

      d88e338ff3888fce101a75ef0abd85d5

    • SHA1

      4511a5856d10f69c1735e789c7b147fd3a93af5c

    • SHA256

      7c803adac2d68a729365e79b3711cfef9cb51566324aa579a62a5347643e0e1f

    • SHA512

      5af3780f6cd4cfc0657333d498a833f199c843cd9d23f25b80bbd05166c777d7effe7bad80c9b64d2278087dfe35ab88943ea27db7c9ea3cb2f0a44f44e39193

    • SSDEEP

      6144:XlfQARNT63wWsweMz9etEo8faYGDWz/zV5xcV/wS:1fHRV6gD9MVoXWz554/wS

    Score
    3/10
    behavioral15behavioral16

    • Target

      Setup/Locales/es-419.pak

    • Size

      317KB

    • MD5

      32b26b9afb8dd050c0dabf5fa3c5f787

    • SHA1

      11d0336356a1469727642db8a78d793f7cbf886d

    • SHA256

      5e3439226db55927497df667b37a37b7c7307db4973ee46d9415c1e337ed4820

    • SHA512

      f4ead39651e34da95181cfe448dffee8e46f8deaa6b47926b986201ec089d6af9320477311dc1824f1e535f75813cc09194bfbf77cefe573fe5e08f46b88c0d7

    • SSDEEP

      3072:y1I8rQvEO/A+HVavjTxjze0nL13q+YHWyr8dN5TlQ+sQRBzgm9M:y1ZRO/7HVAmEggdN5KQRBzgm9M

    Score
    3/10
    behavioral17behavioral18

    • Target

      Setup/Locales/es.pak

    • Size

      317KB

    • MD5

      232beb6fc6e4f8bef55318958ed60c3c

    • SHA1

      adfe81da2e24af959ee797b1d1d9d7ecce35b25f

    • SHA256

      11d1a7d3657c61ff76bc48209330c1e63b826f46d37b0266dc5d690b95abbc9a

    • SHA512

      326cb3b5774caf8c58dfad237b0cde896a81e049bb9abc4f762593b495105c5062c38692a17e06becb835ca2d66aa0745dc1940566c886b47cd6a26c4e70ad04

    • SSDEEP

      6144:xQeXGXDDaCygF5PKBlmk5B7sGEPpGO6PZOk8q9:xJXQDDasVo8k5HEPA9

    Score
    3/10
    behavioral19behavioral20

    • Target

      Setup/Locales/et.pak

    • Size

      286KB

    • MD5

      1c375c0908a2b1efb0ce0f78bcfb26c2

    • SHA1

      7a2d7dba8094ce049b41daa2e6cf63cbf00adf07

    • SHA256

      797feaa296a9e7829ad7c61a4cb21caf58d227dcddb6b09206610a419408fd25

    • SHA512

      ddc7c97a70a00067e8bf30e31bcba7290629d03997be2135cce37053cde3271c06bc11e119dbb67d55cdd18bccd18dcfeb7d5603c397f5c55d5272e310509338

    • SSDEEP

      6144:p4lda1pvZ8LMqZBjU+4hbit85g4pwdEyfPQn:p4zYGLM++5z

    Score
    3/10
    behavioral21behavioral22

    • Target

      Setup/Locales/fi.pak

    • Size

      291KB

    • MD5

      a14eb6a83d450b6cb446000531905bb4

    • SHA1

      d189aebc78a6a5ae0467d8681e460b49cf55f357

    • SHA256

      304302bfed0f9f8a45439d86ee13d96060a3369ebf821ffa4fd779dc07f75080

    • SHA512

      f36184300460185bc9a6418d56d3648b48b438b2a35a7dd0929a6a5ab096636ad4cf4811a6bf6b5bed78049a0671e1f471d24df6c8625e5b3c931fd6b87c1403

    • SSDEEP

      6144:OgEzuIxpVNqWOEInULq53+o1E918PnRm0qX1w5:OgEaPR53+kE918Pp

    Score
    3/10
    behavioral23behavioral24

    • Target

      Setup/Locales/fil.pak

    • Size

      329KB

    • MD5

      392cf9a00dc0bc33ddbc7657c0cedf16

    • SHA1

      24c694ab66d9a2e6fe5894bfeaccd1dd561090cf

    • SHA256

      00d42753b54df1ee98ee223f8e0f2af559d6861b8ff38340eced8a74a2822b7f

    • SHA512

      6251ee72eb2602b3c29126e35f58469291add77e533c8a5c160489c33b099e12af820d94654dbcb2f4cdfeb780f4d47be5d268f485aca40461885e90d97be05b

    • SSDEEP

      6144:w5pJQa/RHDQ277GI0x0cbJXqGtZ3/5YhhTAH9T8:w5pVSx9D5vS

    Score
    3/10
    behavioral25behavioral26

    • Target

      Setup/Locales/fr.pak

    • Size

      346KB

    • MD5

      b23d3b75641a5796d484cf7acdf5388e

    • SHA1

      b86d33e0531d21dac2794f5bc481113db17052d8

    • SHA256

      44c03d05283303c00333f1356c738d6ff87708e4ae3f49e04813426082844943

    • SHA512

      c496a1e626c631c1f4f5b06276e034328911d581fcc6e9f91993021076907fb75c52787a2aa77b903c0379be848b9e3d78d864be06284aae07d9d1d6b0a4cf55

    • SSDEEP

      6144:uHcQVy19T0JoUX2bwT6r6QuaxVZrwnDv+OQ6rjzMYnYEo3ppmwurspz4kyxx4VJz:u8C09Br6QuaxVYPzMYnYEo3FOsakuxQz

    Score
    3/10
    behavioral27behavioral28

    • Target

      Setup/Locales/he.pak

    • Size

      404KB

    • MD5

      ed7894ea84474789c27657e91e7c184a

    • SHA1

      4b883e05cda2063450f65bbebd53b4269fca79dd

    • SHA256

      2a12317b35d0863bd3f457e321b7d30812ee00f278d25b7607f9bb6287b00f94

    • SHA512

      b3b04284c21a63b5a39dc6dc207839db813294e95a5a8571fb8016fd0c27bb8832512c0ff056a5236c0e21d5dcad1570314647437c80b5457d03c192d28f014f

    • SSDEEP

      12288:dNuRW5zrEBdp1h2U+MhI6011D35OGOMKK5iVRD8GVQcL:DKa5i

    Score
    3/10
    behavioral29behavioral30

    • Target

      Setup/Locales/hr.pak

    • Size

      316KB

    • MD5

      cc69a93d29843651c525f43d08b42b28

    • SHA1

      94d7c7c95e9390996144623e19a45deadf918104

    • SHA256

      bd17debf1cf886d655bfd749ccd5880f3596faa3d40ee50573b651942d60ace2

    • SHA512

      d98cacbdeff1c11903bc1b4e1d98ce294136fb1421af62ffc0e229f8c4edd401e69f489610157c3d2dc2e4d3789ddba189136821fc54eb15f31bb36cd10aeb13

    • SSDEEP

      3072:Q7tzXt2fbDjCtSi+OSBH0uP5xnCV9ZnTC0tl56ttJdeVOGOZYuiEs4W3m3q1+l3P:Q5kuB95pB5XHC

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

16
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks

static1

Score
1/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

vidar408spywarestealerupx
Score
10/10

behavioral4

vidar408spywarestealer
Score
10/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10