Overview

overview

10

Static

static

3

AppSetup_U...er.rar

windows10-2004-x64

3

AppSetup_U...am.pak

windows10-2004-x64

3

AppSetup_U...de.ps1

windows10-2004-x64

1

AppSetup_U...el.pak

windows10-2004-x64

3

AppSetup_U...GB.pak

windows10-2004-x64

3

AppSetup_U...US.pak

windows10-2004-x64

3

AppSetup_U...19.pak

windows10-2004-x64

3

AppSetup_U...es.pak

windows10-2004-x64

3

AppSetup_U...et.pak

windows10-2004-x64

3

AppSetup_U...fa.pak

windows10-2004-x64

3

AppSetup_U...fi.pak

windows10-2004-x64

3

AppSetup_U...il.pak

windows10-2004-x64

3

AppSetup_U...fr.pak

windows10-2004-x64

3

AppSetup_U...gu.pak

windows10-2004-x64

3

AppSetup_U...he.pak

windows10-2004-x64

3

AppSetup_U...hi.pak

windows10-2004-x64

3

AppSetup_U...hr.pak

windows10-2004-x64

3

AppSetup_U...hu.pak

windows10-2004-x64

3

AppSetup_U...id.pak

windows10-2004-x64

3

AppSetup_U...it.pak

windows10-2004-x64

3

AppSetup_U...ja.pak

windows10-2004-x64

3

AppSetup_U...kn.pak

windows10-2004-x64

3

AppSetup_U...ko.pak

windows10-2004-x64

3

AppSetup_U...lt.pak

windows10-2004-x64

3

AppSetup_U...lv.pak

windows10-2004-x64

3

AppSetup_U...ml.pak

windows10-2004-x64

3

AppSetup_U...nb.ps1

windows10-2004-x64

1

AppSetup_U...app.js

windows10-2004-x64

1

AppSetup_U...te.dll

windows10-2004-x64

3

AppSetup_U...ar.dll

windows10-2004-x64

3

AppSetup_U...ge.dll

windows10-2004-x64

3

AppSetup_U...up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AppSetup_Update-Launcher.rar

  • Size

    81.2MB

  • Sample

    230518-nl3ymaae96

  • MD5

    dfc9d426bc049010398cd315e4cb796a

  • SHA1

    6c1e4d4f2e770286d3abea116bec6ded8126f06b

  • SHA256

    f2e6ac8a6218654c3e13d4cf83edc3891cab488f91b68b4cfbd11bc1e2c49bfb

  • SHA512

    e88424a1dec624f72453566cd8fc785d086321ce51f2dcf52a91cd9293c44db3af3a911a268bce3b5af0db3de84224aad6b1428d21dc10433549563c33a6bd1f

  • SSDEEP

    1572864:53aV+g/Ro0Ea4i4RVAEs+mvnGs+mvnaEkU0/+vJqdROIozCJVgtYTPI8TDwIRS:53a8g/RLEaua5+4r+4aEkXWvA+RzCUt7

Score
10/10
vidarb89068e4534861e37a204b27184d8ae5discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

b89068e4534861e37a204b27184d8ae5

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre
Attributes
  • profile_id_v2

    b89068e4534861e37a204b27184d8ae5

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Targets

    • Target

      AppSetup_Update-Launcher.rar

    • Size

      81.2MB

    • MD5

      dfc9d426bc049010398cd315e4cb796a

    • SHA1

      6c1e4d4f2e770286d3abea116bec6ded8126f06b

    • SHA256

      f2e6ac8a6218654c3e13d4cf83edc3891cab488f91b68b4cfbd11bc1e2c49bfb

    • SHA512

      e88424a1dec624f72453566cd8fc785d086321ce51f2dcf52a91cd9293c44db3af3a911a268bce3b5af0db3de84224aad6b1428d21dc10433549563c33a6bd1f

    • SSDEEP

      1572864:53aV+g/Ro0Ea4i4RVAEs+mvnGs+mvnaEkU0/+vJqdROIozCJVgtYTPI8TDwIRS:53a8g/RLEaua5+4r+4aEkXWvA+RzCUt7

    Score
    3/10
    behavioral1

    • Target

      AppSetup_Update-Launcher/Data/am.pak

    • Size

      531KB

    • MD5

      e8bac983607c5432f789afdacdda42ac

    • SHA1

      95c26f47f7102be338263fd7f7e365632651f22e

    • SHA256

      ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7

    • SHA512

      5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7

    • SSDEEP

      12288:GguzxX8xfzKsEYg95z9SBeuUPQvx30jH8+I:GX8xfzKnYg95z9SBoPQr

    Score
    3/10
    behavioral2

    • Target

      AppSetup_Update-Launcher/Data/de.pak

    • Size

      367KB

    • MD5

      cfc9d90273c31ccf66d81739aa76306a

    • SHA1

      ecab570041654b147b3dd118829e2f7ae668f840

    • SHA256

      8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

    • SHA512

      c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

    • SSDEEP

      6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql

    Score
    1/10
    behavioral3

    • Target

      AppSetup_Update-Launcher/Data/el.pak

    • Size

      664KB

    • MD5

      8f5a15560710db2af852512b7298b93e

    • SHA1

      30a13ebef10108effbad8c24b680228660658415

    • SHA256

      bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430

    • SHA512

      e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de

    • SSDEEP

      12288:RdquNwK202pgaZH4q5OaPY3HvO9K63/fgBsbfFnxHuhWTT9rkv0pfBtMMkffFZig:RdquNwK202pgaWqsaA3Hm9K63/fgBs9I

    Score
    3/10
    behavioral4

    • Target

      AppSetup_Update-Launcher/Data/en-GB.pak

    • Size

      299KB

    • MD5

      05ac84aa6987eb1f55021b6fba56d364

    • SHA1

      58cb66bba3af0c6cc742488ccc342d33fc118660

    • SHA256

      e1e357c853eed83fb6c4133f8f4df377a8eda4fe6f0e55395f21c5ab6e38faa8

    • SHA512

      c615e1eb01412c5e2c0402242d442a6cf08965318d1c0d261ca5bc6df9acba5efa2c87ade20e1e4740d2239ea56d1ce4d3fc7a4c3eabe81b876ecb364b3e91b6

    • SSDEEP

      6144:WJeP/KOb6vG8GGvDJAgdMP9ectcaAfaYEnG2J05SSvqo:1COb6ugdMrcarnGf5SSio

    Score
    3/10
    behavioral5

    • Target

      AppSetup_Update-Launcher/Data/en-US.pak

    • Size

      302KB

    • MD5

      3fef69b20e6f9599e9c2369398e571c0

    • SHA1

      92be2b65b62938e6426ab333c82d70d337666784

    • SHA256

      a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

    • SHA512

      3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

    • SSDEEP

      6144:yoaiWmH9xPN6DacNMP9elahdQfaYejDJDsN5ySMZswS:taiWF+cNMbhd7jDJi5ySEswS

    Score
    3/10
    behavioral6

    • Target

      AppSetup_Update-Launcher/Data/es-419.pak

    • Size

      366KB

    • MD5

      13c6d0a268545541f325375d431b41ae

    • SHA1

      5f5c41348f00c5e5539d261c2b76ae6e3ec7af83

    • SHA256

      943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127

    • SHA512

      09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252

    • SSDEEP

      3072:rt+uPUzEx0HrKJBjQMU0dmdv5jrqMCOyu0sdzPh7buhwwJ3Os57lLfGLFg3WSszj:rt+o+I0H6nUxv5rYQQJH5sLFg3WSsTG6

    Score
    3/10
    behavioral7

    • Target

      AppSetup_Update-Launcher/Data/es.pak

    • Size

      367KB

    • MD5

      c8086dc25cf0a3c978b2c3b37edf8d67

    • SHA1

      7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

    • SHA256

      11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

    • SHA512

      230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

    • SSDEEP

      6144:OYkS2J1Bc2UoWCfgfr56ZLb5R7q5zrB7bUlo4AN6PZmz:OYl2XWn5r0pFRm5zreloXnz

    Score
    3/10
    behavioral8

    • Target

      AppSetup_Update-Launcher/Data/et.pak

    • Size

      330KB

    • MD5

      054865950b3b9e8312a7f9490268eaca

    • SHA1

      28b0176112eddb7af58386b4f8aed4a49b9a2661

    • SHA256

      3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14

    • SHA512

      bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f

    • SSDEEP

      6144:GPJXg42WkHwGkDmzZpDM0djry2zuJbT/RcLvihV15Ujc43ceLfLPQu:6JuvymrDbWF15Ujf

    Score
    3/10
    behavioral9

    • Target

      AppSetup_Update-Launcher/Data/fa.pak

    • Size

      535KB

    • MD5

      c27431f2de37b9643b83e383f7eae5a8

    • SHA1

      16d068d9738e1aa9b94658299a4eac3972520864

    • SHA256

      bb28ad47e95aefaa2d8d7b6a7f449f9707cfadbcd4c21bad8bd8a6578108d2cd

    • SHA512

      4ccc46dc7756ea0e60e6d278bcac1262a54ba03742fd0eb4d9f1f962486394fa56491844871dacb4cb0501c6f594334d3f23f3db82bfdfa1f938e1ae609d6600

    • SSDEEP

      12288:aGz43DX9nuya1jfwHLwNUaGSSfStQvueKT+JwMTAKzIxRAQiHedNu3htodxWetlh:aF3luya1jfwrwNUaGSSfStQvueKT+Jw7

    Score
    3/10
    behavioral10

    • Target

      AppSetup_Update-Launcher/Data/fi.pak

    • Size

      338KB

    • MD5

      aac0554a39bb1ae91e2ed4246e04c30e

    • SHA1

      031785024765eda1534fd9504eccbe1b471ae618

    • SHA256

      df8cefa4831fc2fdf817dd6d49a6373edee4f51f23cf990c690e72ce348f69bb

    • SHA512

      a6afc9464047c75157dcb8ece086c1c5bf4dccb48d33da24e35c43110f300cfea503c4cca093f3d4bcc7a0fdcb306138da5be288ef646881b625751e40d93689

    • SSDEEP

      6144:3pR/2jxpvwhnVgQsm3aOE/8aCEELsR5w5jSH4EJ18GWU/8nZRuX1wr2:vOnvoG8a35w5+H4EJ18GWU/o2

    Score
    3/10
    behavioral11

    • Target

      AppSetup_Update-Launcher/Data/fil.pak

    • Size

      379KB

    • MD5

      f989a7215cac1e3fb4759e5fba9aef67

    • SHA1

      5ecf35f160e1f8242b3bca163673e24cf6d77403

    • SHA256

      448bc8eae353c188ffaa4c2466956598ad807f0f0aae7f12e1bc59584e1aac2d

    • SHA512

      b872beb5b1c2702f4eae616f633318b4575f573c06a3f1f0f1e1ab83585a52caf2f3c788c0c3a0d499c381fb7f06a3ea355b8686ded2ed1e392662f2746db01f

    • SSDEEP

      6144:Po2wvMrF/y/DQkaRqQHunLxenGkZ3+mo59gmPHkAxw78:ykeCBHudqo5KmF

    Score
    3/10
    behavioral12

    • Target

      AppSetup_Update-Launcher/Data/fr.pak

    • Size

      395KB

    • MD5

      13968778147dad5af68fdb7464ca517c

    • SHA1

      42abb9873c472a82d400e6896e90731b7cae06b5

    • SHA256

      7af39af49846fba6d6b8ee18b2a212f1323ebc1cff1af0053194d01d8d5433f6

    • SHA512

      c1f54ccf4f82e158173d9db8464adca64a88f8ddee23afbb51d80535b4f25f138dac16a337504ca3ff8c3dbe9aff05ecc2aaa40afe8d77bbbd4f141b07e39100

    • SSDEEP

      12288:k7L2tn6QuagV1YzhKJZsMYnYE1OxBW50xLHIWWCMcpU8wRp5a5FQusDh6dBKIJFb:GJVdMcN5B

    Score
    3/10
    behavioral13

    • Target

      AppSetup_Update-Launcher/Data/gu.pak

    • Size

      755KB

    • MD5

      7b476c423ce29e61b0b21d7b6a2a56b2

    • SHA1

      5558dcec5b2580345b0797f1f2ea41952417335a

    • SHA256

      047da4dfadcfc6bec8f4dc7d250b1757caf31a23bcfa2ea3e1f3b1cdbe9a3995

    • SHA512

      a494ab32e45cf74e2b7e0424b4e3740470c5c6cfac8f6cc980a681eb8c21cab76255391b6884134593dc7b1029ffd861f74b47130533232881c137c41ef92cac

    • SSDEEP

      3072:/h/zHr2DzDNmtZITYKMaWZu/lsMhmkTd4MUz2sQm251jvHsWnIIRfAHw/g/I/B6i:/ZDizBm/Voaz5cYh+Gyj

    Score
    3/10
    behavioral14

    • Target

      AppSetup_Update-Launcher/Data/he.pak

    • Size

      468KB

    • MD5

      f4dad4f97b5f75d6d7219d43f630c2b9

    • SHA1

      ed8c790b3b5e3faf683aa978895f266eea5b823e

    • SHA256

      6649a844f222cfcec01e75d3de3cb3658f1347ea3851d31b8124597b87e7b57d

    • SHA512

      f00e7e38ec0da1c110b4142dd13b3cae8b912c16518eeb4cfd7f19a0cef2c6601ec1e4959597066703b12b7dffb44fd918c7170231c2b42e40b0d90241b85133

    • SSDEEP

      12288:lsQOFiBr3By4L92QmYq6A560SAX4o75P5oAHM7O5p9mTfDnwPEQgo:lsbss5Bok

    Score
    3/10
    behavioral15

    • Target

      AppSetup_Update-Launcher/Data/hi.pak

    • Size

      787KB

    • MD5

      1185163466551aacae45329c93e92a91

    • SHA1

      0dcbfed274934991966ce666d6d941cfe8366323

    • SHA256

      eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

    • SHA512

      6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

    • SSDEEP

      3072:4m//Yxz8BS65Ob5EeQzFc67R7dk5Sv34QAEm5dmLrsoe4GR3doInN8edYbOqGPt5:rYZ895O9ExFlReg5R5HQO4

    Score
    3/10
    behavioral16

    • Target

      AppSetup_Update-Launcher/Data/hr.pak

    • Size

      365KB

    • MD5

      04fdc1dac2cae614b0f566310dc83bd0

    • SHA1

      74e460e19a5e9c8b6181fa37cb9085f93bbc6233

    • SHA256

      bada5828fc0d80c842d1409b54e8da516ae737ca30d86658b3fad5c8ace4722e

    • SHA512

      a07bebd16f00b0b46059a7b80454664757687a59903bc36cb837cfb55e69bf7f683157372f74ff8355ad50c3b747c9674ee942aac95a9804c39acb3841721d24

    • SSDEEP

      3072:Rt0zZ58bkQijHuVGgYzgJ5OSFT0uPFG4rV6WI6DkYAiKbeMuVjLsGW0Yqz7pFyLI:72Z5QYuVb3P6T5D37pW

    Score
    3/10
    behavioral17

    • Target

      AppSetup_Update-Launcher/Data/hu.pak

    • Size

      395KB

    • MD5

      410d8966721ff8817eb3a57f95a4b885

    • SHA1

      f0fbe70c772bd635b0c4a927420e15b96dae05a5

    • SHA256

      688312f38488c7256370b1517b84963a3ff886b31692cc504fe169db241a43f0

    • SHA512

      d0aa167ee919589ff3b80640e8db4c6d11f9159e4a246082f0a564482789011c260f124b9a7102649d998c6a89cbff58cffab5a40e33769b990e64d6cc703378

    • SSDEEP

      6144:gvROCXS24UmV5z/fZ2GRoSYTLySam7YF3tys5gRULJatGqUnvydpECk3ICf:gvRZsV5z/+lP7+tys5vNDp

    Score
    3/10
    behavioral18

    • Target

      AppSetup_Update-Launcher/Data/id.pak

    • Size

      324KB

    • MD5

      0e82cf23475ab7328741670f4dfa3093

    • SHA1

      fd854e31f4ab212d0b3bca676420d5600d8daa83

    • SHA256

      21368245d99265e760b1b57a3169feb72e6b5099c3f1855155d147b2f788eda4

    • SHA512

      52d694afeb3e7272740192e6b4cab9acab460ae6e66912f090b049a1f431a5c17a4c3d037fc9c450b8a224ed793605e234b4d649a95289770997acd43b5dbb32

    • SSDEEP

      6144:NbXLerWB/kUEPsw0ofjDVnjHFXFmP2L6aF5NyhBvt4fSRsEaF:h7cKE/0GVnjHF1m+LlF5Nyhs

    Score
    3/10
    behavioral19

    • Target

      AppSetup_Update-Launcher/Data/it.pak

    • Size

      360KB

    • MD5

      9fbb2f5d9c70d9e46368538853929f75

    • SHA1

      45daceb422478c5a7b7b61f5ee68cc08a19f2ac3

    • SHA256

      13dd077e5e8c8b04ac0854e4466ee074df67c74cd29cc48a0c2c9f96f768fad5

    • SHA512

      77d8607ba52190258ed2e7c6e43a44bad1669294a441cc6ee9d91fa28c26c6675225e41cc309200aee01fecc1a0d369a8e4458c0095c297ed237bba50798c4dd

    • SSDEEP

      6144:dF9dctIYSrqRrhsO1FGT9TEAGw3nlXgOPwtkWgGyu8HryYm0wNB6XtS6LevpLOvy:3/lZRe8+Yx3vjw5Lsol

    Score
    3/10
    behavioral20

    • Target

      AppSetup_Update-Launcher/Data/ja.pak

    • Size

      440KB

    • MD5

      67a379c826f0eb60750bfba0b8e10468

    • SHA1

      62662d8efd773b18c99169752996b11f30a64ca3

    • SHA256

      2c5457b0fa6fe41b7b524aa726dae4dd69e7072864f73f211c731810d00b9323

    • SHA512

      38c44dd6c83362cd118543b7619811c671283618a3081f07a015f8110388d71b7767eb0a7a49c37c8e2e9e900dae6aa7f8560e5494afe6b29e01ede402e4944e

    • SSDEEP

      6144:jUZWQGehaoFbqn6S+RUpZSb2LwPH+5VgxVg:LQhJe60pZSb2kPH+5VV

    Score
    3/10
    behavioral21

    • Target

      AppSetup_Update-Launcher/Data/kn.pak

    • Size

      872KB

    • MD5

      8a3427385226ab72e8421d84225f7adf

    • SHA1

      701a85bc6bca0ed33dbe1aa3a617ce26576c7421

    • SHA256

      c315e791770cea204c7e49ef5b68fa46fe42864a33e77fa5a1d42f87ba85124f

    • SHA512

      310719fb102c1f892d354f1478bba06e856bd45da08416be970a0a76e44c7d81aaa9ddd878234b2348b625e0d18cfe7c966379115f35d51f4ee78a986c1243b0

    • SSDEEP

      6144:O+wN1jeEb7qb4GvGK25j/u7cB2jrith0vkcVwVattrmQLHMj0AWviYRpySIvSuNu:NwzSS7qdR+QygZ5gJ765mWUj+yt++FS

    Score
    3/10
    behavioral22

    • Target

      AppSetup_Update-Launcher/Data/ko.pak

    • Size

      369KB

    • MD5

      3340fd0a5e8f97f122e1d6e9a2052ca6

    • SHA1

      9c8504b78633b6d6e445723b351a08392916c7d0

    • SHA256

      3ee7d79af9ec226bebfdd9d79907f1bc97d528d2009dbd0db23d74ad655e0256

    • SHA512

      07eb8dab24ea8545cdaf38e35bc23a71a33bf87a1c0ac78ac564c103c6ae53357de2d4fd635b22995cefdc9d8e8241c66d78dd44d68a9f2f251be77c0afa7704

    • SSDEEP

      6144:DL/SK0qZvHJmb1QdTVtZqZXRZqiq7vqLZyQnP9kYvWyCt8Oh+jJAhxlw5R7X98dz:DL/SQJmJKh0noyCt8OhoJAhXw5R7X989

    Score
    3/10
    behavioral23

    • Target

      AppSetup_Update-Launcher/Data/lt.pak

    • Size

      395KB

    • MD5

      c037c0d80be2c913c20e3fe96d9cdaff

    • SHA1

      8dfd2a42fb2e0041d6ac9b90c78b3cad0283c757

    • SHA256

      e7c133a8dc438870f97112587f5f223f5fcae4f1510874b95b72cc281fa150fd

    • SHA512

      0a90dd7d39759e1e63205a827ed6611dc6e54b37c668795123de7f35c446ee41174675a0d813974dba7353c0a1cc4320049d4fd1368cdfccb9cf9afa47fcb4f5

    • SSDEEP

      6144:ExMwGiVqc4anfOfbZnaI+onSzwB74p5Ub04ua7OoMI8Z2IF6SB:lw/M/fBX+onPup5S0MMJP6SB

    Score
    3/10
    behavioral24

    • Target

      AppSetup_Update-Launcher/Data/lv.pak

    • Size

      393KB

    • MD5

      b14f9d61e064903bc73d18e40846e1ac

    • SHA1

      5a3da27335194707ffeb07add46662df1fefd76f

    • SHA256

      6e99a3ef823a651f5187c5c549a6885002a2f8523c014f989ec6d53d87e7aac7

    • SHA512

      dab97f5d75d5f60c82969ac01dfc1ffffc0ec5fbe2063c6df0535130ea1432363be1475a440b6075440f68217cd6840a63bcfea0409586d755ff8e57c029baf3

    • SSDEEP

      6144:b3p3yLG9mRNhtVFO6mM7pl44cfX7apaRZ5v4m0cxEl9AC2anpArAFTHVs1C:TpigT87P4467zZ5NEH2ms1C

    Score
    3/10
    behavioral25

    • Target

      AppSetup_Update-Launcher/Data/ml.pak

    • Size

      915KB

    • MD5

      fc33673850c17a865cae7695fd3eb5b5

    • SHA1

      72f3241ea35554c881e1849ba53b8f64b04502c1

    • SHA256

      6295eb0b0d05d26b3fdaa19ad390ba30f267b7af7a60a214db558dcdbdb436c4

    • SHA512

      6845293c0cd4ee1aa94972da1d58fd7085da5dd664d4031005200ae38fc4ab20f2c5cf44fe07ff80e003ef072f7f1cb23a452d6ce47124aa1efb3d26ae86b279

    • SSDEEP

      12288:Wq0rekvVG6W+SG7/KgLC4nMmWDcZubSAemNPHVhJ5n/7d597Y3rE:fQel6W+jHsd5n/7V03w

    Score
    3/10
    behavioral26

    • Target

      AppSetup_Update-Launcher/Data/nb.pak

    • Size

      332KB

    • MD5

      f15c568a9ed8b2ca497571453ce6bce2

    • SHA1

      957ffec56ce14f33fa75f493936552751e966d16

    • SHA256

      18512064afcc3fb5a0e1f36400e592ff34e8c6c9a7ed0bbe3432255c4759ad8c

    • SHA512

      3bd27f9612b39836e5e7654e6f07c2fd5a31f2c338db36daa51e2c1462986cf4b651d555245ee2e97acd044e44a5beffb8cc9d56c1af11f52fedf9f7fbf7da97

    • SSDEEP

      6144:I9HHvGNQkyLirVh6EQFewqOp7fyyVgLmy07E6SRw5PX4RXODcF:6npqrOEQFewqOp7fyy3ELG5PX4IDcF

    Score
    1/10
    behavioral27

    • Target

      AppSetup_Update-Launcher/Data/resources/app.asar

    • Size

      13.8MB

    • MD5

      e2b5f33ee94cfd86c4fb62b33ee55958

    • SHA1

      cec825c811cba9b6c8557760fc83e2db99c08dfe

    • SHA256

      eded44c037661ed32f5585d16a773b9dd99630f4232807a58359bfc1a4984d5e

    • SHA512

      c27641d82c084ffcd86f7fa9faa85c4bfe82683cc02ac3305828feec323f8a2ff631b8394c6b7dd64df9b903454367f373297a6ee0cb939669ffdcdfa7cb66f6

    • SSDEEP

      196608:p2y6eZtDOBjsEHdjQhG/nvTX5YV9cf/Ok:ky6eZNe9jQQ/nLmVGf/b

    Score
    1/10
    behavioral28

    • Target

      AppSetup_Update-Launcher/Data/resources/app.asar.unpacked/build/notificationstate.node

    • Size

      106KB

    • MD5

      5d79aff7bc28d3b0c78f0162efdee407

    • SHA1

      98818c05a5310325fd1f8b00537fda50a0c58d91

    • SHA256

      5051d14c3067d856c74f47994ae2ba34f5994477607b5af0ce349f1f6cf8543b

    • SHA512

      c94987d7f450a2e992b946739c9fbac2945ebdda164a4917d00c79086482a02267da433bad710a407a02f8681b33be9069b4d17bf9d32f420a8f7d4d723ef716

    • SSDEEP

      3072:2NSQ5s9mQpnh5A9gdUhvVYL16NAqQoppZS:mvsgQlh5C+UhveLH2pZS

    Score
    3/10
    behavioral29

    • Target

      AppSetup_Update-Launcher/Data/resources/app.asar.unpacked/keytar.node

    • Size

      691KB

    • MD5

      c5c99144e2e1589628e14999ba59ad73

    • SHA1

      9c80f8de6b5cdaf38677d5368b5287bacb9e465a

    • SHA256

      90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831

    • SHA512

      0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5

    • SSDEEP

      12288:cRInDhSzUpqDDa2XX05VNpk4th460iQlp1Qk5wUFPcvKKR0JQQ8jKOx8:cOnDHpqnaskrdx

    Score
    3/10
    behavioral30

    • Target

      AppSetup_Update-Launcher/Data/resources/app.asar.unpacked/native/tvdbridge.node

    • Size

      296KB

    • MD5

      e5526203a1a46494f6940c755189321a

    • SHA1

      fe8995c525a41c38ddfadcce065bd5a4f9d6a9cd

    • SHA256

      d849a98540c05e1d0e770bc7d72a5d88213430745acf7aec8ecc246e042d0aad

    • SHA512

      033fa4ba21d8086e516deddac9d25aaa4180b4c341ceb05c1ef9f86a790ebf22a4ee4eb9505da6703cd4309cee1e6be76dbdf4870f0c4d398bababde9facf899

    • SSDEEP

      6144:0MYYj6PQEzvJhuQlVvR+biOSvX3wa5zedaPqhUrYOv:uYj6PbzRhflVZ+dg395zedaPEe

    Score
    3/10
    behavioral31

    • Target

      AppSetup_Update-Launcher/Setup.exe

    • Size

      38.9MB

    • MD5

      db97787a82082bbcfd8102e8fb921fb3

    • SHA1

      fe868dfc985cae473d7c24becafffe6336559b1f

    • SHA256

      eb9b8e49c7f13e4ed0d670f40f8c4f1ee379dce9bc376b156d6c5292336f4e80

    • SHA512

      08cf1ac6c7f55ab1af412c70c4feb202106cb1e946f41da5a5c846444c467bebe26a61dc7ecbba3e83c8f2ae1cd7900a8d3997453b5ee88f60f6f66ba1a3b6ce

    • SSDEEP

      786432:AnzMyaT5GtfSEfzIOqUlgFEm/HVpXk6MnYH/CteijCEzUZG7MG5:AzMyYiqAzIPUvmHQhPYGCEzx5

    Score
    10/10
    vidarb89068e4534861e37a204b27184d8ae5discoveryspywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

vidarb89068e4534861e37a204b27184d8ae5discoveryspywarestealer
Score
10/10