General

  • Target

    Canva Pro.zip

  • Size

    11.8MB

  • Sample

    230222-ek6tfsbe9x

  • MD5

    55ed6b10745acf1f76cef271b03c51e1

  • SHA1

    5fc890bbc622630ceb3c5b493e06e0600735790e

  • SHA256

    37527c641bc91bae5fdba37aa6fb8c3152c5935ceffdca4299071775dae589ce

  • SHA512

    f8699fa65ab6a5fce9c52f4bbe3d12822a2b676aa14a9f0161d7ea99506227c059042435a02c989a185b6d15e0e7fac3ce315cf142a6f479559ae68a6c687d99

  • SSDEEP

    196608:4bIJzPbmyjUluAR93/N78qWaZ2w889l4WocPv/MP3L+6WQholEM2S+LaaM4:4khK6UD31caZp8o/ocPv/f6WQhYcaE

Malware Config

Extracted

Family

vidar

Version

2.6

Botnet

408

Attributes

  • profile_id

    408

Targets

    • Target

      Canva Pro/Data/Debug/Addition.dll

    • Size

      30KB

    • MD5

      f22e849a370cdf127f48beab596bdd81

    • SHA1

      fb1da47c7a246f2cda7f7686a468efafd9933b1e

    • SHA256

      8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9

    • SHA512

      6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14

    • SSDEEP

      768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V

    Score: 1/10

    • Target

      Canva Pro/Data/Debug/Cracker.dll

    • Size

      56KB

    • MD5

      404aacc737a9d30147d30cee6be0abba

    • SHA1

      5f49b9197d73b53eb3473c80a6f25dc068421baf

    • SHA256

      3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c

    • SHA512

      eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20

    • SSDEEP

      384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a

    Score: 1/10

    • Target

      Canva Pro/Data/Debug/Helper.dll

    • Size

      189B

    • MD5

      9bb9aba5dd893bbccfa45e2d75d55d26

    • SHA1

      5714796513341ac3159a6a3c23d4769209063d35

    • SHA256

      6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419

    • SHA512

      f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b

    Score: 1/10

    • Target

      Canva Pro/Data/Debug/Resource.dll

    • Size

      10.7MB

    • MD5

      641dadbb3f03938da99bf7c6c4cc482f

    • SHA1

      b21bdb69a17642ade8e62fcbd779ff1bc89ea809

    • SHA256

      883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479

    • SHA512

      7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5

    • SSDEEP

      196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP

    Score: 1/10

    • Target

      Canva Pro/Data/Packaged/Main.ini

    • Size

      1KB

    • MD5

      7b53ebd64e5781e02eaefb6739a6b556

    • SHA1

      d5332b200cf5dcea0419afdb66a15d89b9eb619f

    • SHA256

      b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20

    • SHA512

      c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd

    Score: 1/10

    • Target

      Canva Pro/Data/Packaged/Utils.dll

    • Size

      1KB

    • MD5

      73e051427246dd4ca45935b1a4bd7e2d

    • SHA1

      7216f05041252f1c3a9d84aacdf84ef62f1a1045

    • SHA256

      b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f

    • SHA512

      3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36

    Score: 1/10

    • Target

      Canva Pro/setup.exe

    • Size

      761.7MB

    • MD5

      52e16b1e21fbafd5d7fe8b61ff3e7159

    • SHA1

      cf11ccd4ccfff1d14f2525e12b1f19dd51aaa191

    • SHA256

      0d94204c940cc218d21c1f10b7d77477a0cf932278a356279d23dafc44c923e2

    • SHA512

      624b8a5138b5edaa2e811b64dbe7ab62e561172ef0bca38e11472c39ab534302a844fc5036669a8138f6b5138661e7b3bf744927d8952941d36886bd401edbec

    • SSDEEP

      12288:NdBCCL9DFn7TvTswnmsyzNkv4Yp2yYiL39h:NdBCCL9DF7Trswcw4k24h

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (2) - T1112

  • Credential Access: Credentials in Files (3) - T1081

  • Discovery: Query Registry (1) - T1012

  • Discovery: System Information Discovery (1) - T1082

  • Collection: Data from Local System (3) - T1005

Tasks