General
-
Target
Audition.rar
-
Size
11.1MB
-
Sample
230219-m2y4yafd52
-
MD5
6cdc41bc5b3a630e75f83f20b7ad9019
-
SHA1
cced4d1ae8e1fbeec51cc92bd0340b7213f7e644
-
SHA256
fd8f4ca0de661107d0caabd16b2fcce04fc4b59783db22e8ac3550db0af880c6
-
SHA512
62d8de1b4ddc53e0b1c5733e453814760d881452f6647505f3d295248a50c80baa3c60cf7b642859b9eff92e0bb1899aea49f94485a3342f38d04e5e20cbf0ce
-
SSDEEP
196608:XrfzGZeQN5hZA1J3WJftx77I/Ly+ModdOlSduj3142zKgEyDPNGy6++R5/frNV:jzG7jA1oJFd7I/Ly+fddOl7r14+REyDq
Malware Config
Extracted
vidar
2.5
408
-
profile_id
408
Targets
-
-
Target
Audition/setup.exe
-
Size
761.7MB
-
MD5
d2956439113ed8d56521d55b566160cf
-
SHA1
dc344753687f33430ec7eea823716fbdd2e066af
-
SHA256
ca3f82e0b9281ea978ace148c2ee28dc3c6a55471786a82156af3531bb20208c
-
SHA512
da0efdaf4983df711beefbf5c52e91d87845464ce151b1b1b1a46f6c05f9c4588639bf518eab6c9051bb631e35ab6dbdf6efd87d76cabcc0283b85d2e8bac077
-
SSDEEP
12288:GePTklV7l7g57eLmTgcH0GIsbU7i9f/jyarjK:Ge2V7l7wamQGk7i9f/3re
Score10/10-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-