General

  • Target

    2O23-F1LES-S0ft.rar

  • Size

    16.5MB

  • Sample

    230610-f7nrtsfa5s

  • MD5

    699c763e28c5b268b7393bb53a164566

  • SHA1

    002bf3e2b54be8358dde73d49e9fccb98951ef29

  • SHA256

    8b20c4f222723037b9df600a444b358820f9aa1e51c8e9553cb5465859f9d325

  • SHA512

    4606acc1bde361e191b60e77ec18da3d06a685e114a4ab623bc2f9de43d688b308888b9094759cbbf826d4b3382a85517a03dcd44a04bf6b76326481f4fdd1bd

  • SSDEEP

    393216:+xpdy0arMDXL9fl/2OdvnU2KuS9rZ8/uPiPN4padfuy4:+raIDXL9fl/2OvnUPukZ82GN4padWy4

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

076239fffceeb88ff5fe3c82df6cb13b

C2

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag

Attributes
  • profile_id_v2

    076239fffceeb88ff5fe3c82df6cb13b

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Targets

    • Target

      LauncherPC.exe

    • Size

      1007.0MB

    • MD5

      080a33bd628b17bc39189fe5564b1091

    • SHA1

      a91f98f9c8a1aea6f3f780a443cb8a347f6171e8

    • SHA256

      3c3212e6a8feba64fc882bc09c1fc0f857716f9a1e119b580a7dae44a3f47581

    • SHA512

      7266866fd4794e9974c1777cb2c6697f15cb3c67387110b4ea2dcf80389c8289ad0778980244ce58d1ec48b1e0598480ab241857e79512b455ab87681c559596

    • SSDEEP

      196608:0fNAB95CtDeiMsrMGYlL9tWi/UcXxuP+GOK/ZC:aSv5uDOgMR9WG5xumGO6C

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Sounds/DG/PAV3WSC.exe

    • Size

      149KB

    • MD5

      8014bff2c0237d2002624d6b76c846c3

    • SHA1

      70f26ef7d0496d2c23eeac928a7cb43cfff97be9

    • SHA256

      d71836b7deccb91c9419b064284aa6824fdb06609e44b0adb1a95c976a928388

    • SHA512

      8bc0cbf8a1f6cfe273700c536e125659b27e290fc71ae0b097e1991dc371a0db0cfe9894bf32538593dbcfb5f6ea8e7d70bbe27178c5f511c75f8ad243a64fff

    • SSDEEP

      3072:XcYpATai7hZ0Bvz3K540ZSrRQf/cGQi2y:MYSTaiV+Bvz3iSt0rQib

    Score
    1/10

    • Target

      Sounds/Drivers/NNSDhcp/NNSDhcp.sys

    • Size

      108KB

    • MD5

      fcbf498ab77e374319aa72d093a37161

    • SHA1

      6e07ee655c08e8118438f3f5039f7a044a067cf5

    • SHA256

      a32fec18b6d3972095f2b177bd57deacf5fb52af187ca203ecc78f85368e234a

    • SHA512

      d6f07aa26b3e10cc7080c5969df8255b365f151f621084535997a2f146e669cfb07b3abb6bd5fb0b6b1c06d79e8d5351ab0ef72a3dd993be8dfa92c11757e6c9

    • SSDEEP

      3072:vvbyls/1NB29RvBEPpJBUL8YaFBbJxaVE:vjylstwpBuo2f

    Score
    1/10

    • Target

      Sounds/Drivers/NNSDhcp/WVista/NNSDhcp.sys

    • Size

      108KB

    • MD5

      361fc24cd58434ef7d71b51f18537af0

    • SHA1

      632febef312a3a28866549decde3a2dbf91ae971

    • SHA256

      56559cb8b4ecce9cedf3e85e6928641a01fc86f976eb6d3255d216a9613045b7

    • SHA512

      a285df3a06de9c31fe4202a0ab95d0bfa67454525a148fbac0711b327d5c19176ad627c405c39b515972b14f0d024f1e95fb5adede2d6c8d06a584daa0e37998

    • SSDEEP

      3072:4vbyls/1NB29RvBEPpJBUL8YaFBbqHSxxn:4jylstwpBuo29

    Score
    1/10

    • Target

      Sounds/Drivers/NNSDns/NNSDns.sys

    • Size

      142KB

    • MD5

      eeafb784b225d517bd1d5b55dc7096a8

    • SHA1

      9144d65d32eb3b06143663e90880cbdb68fbca48

    • SHA256

      b98d86866e271c1d7187d9c28fe55742ecb5b2f9a7f27b316f147e39ec2a9dca

    • SHA512

      8342a9e6d1bf0328c1075666b46c0dc0033e7e9659c9a62626827b81bca0eaca29f2aec245b323fd54ef4334b0a7aca91e09d08aa33d3de4dd6c2b02379c9046

    • SSDEEP

      3072:p7QLAKuiepTOj596NG9EMu/zCaQD1+3SG3Gx08L8Ti7e2Viy6Cx76z:p7QLAKuiehOj596NG9EMu/zCaQ03SGkQ

    Score
    1/10

    • Target

      Sounds/Drivers/NNSHttp/NNSHttp.sys

    • Size

      210KB

    • MD5

      1c3d01596c2cfa08ac90d74e119abbcc

    • SHA1

      8788c7e2a7710091ee18c01e8fcd93fcd4a11b6b

    • SHA256

      126f977a81ecb10ed8aa1ba1314e8ef8a92c0eecfdfc031a79f68415fb423b34

    • SHA512

      165073940d058153805bb4ac58f8eed81ceba64040f160155d84c053bde2485c83a56b5e796a72fe356121e680b5b4a4f3cbcce015fb90cd2e77fbe8b928841b

    • SSDEEP

      3072:G2J2GnFgrxWmZ9Hnmsq6y+bPOM2g7ufg0o/ef0Fl75bkB6V3z5+9ZPoBMR6x5/:3JvUo8b+9M2dfg0o/wKd5bkR9ZPZW

    Score
    1/10

    • Target

      Sounds/Drivers/NNSHttp/WVista/NNSHttp.sys

    • Size

      209KB

    • MD5

      96522be9ab926c44b3efe02d190eb399

    • SHA1

      5a08ba21e9b6fb896a4bec7d35f0f697be7cb206

    • SHA256

      5aed214a995fc9d3ec6d952d373c88e971cb3ad723c13f955bad1dba38dd90a8

    • SHA512

      b02bf5ba76a7e4b416e04042664df04d914cadd029fe9318cea7111644272cbdc57a2283ebd27ed315caef27059590373f36ec135f837f0a8c10887adaa02918

    • SSDEEP

      3072:U2J2GnFgrxWmZ9Hnmsq6y+bPOM2g7ufg0o/ef0Fl75bkB6V3z5+9ZPoBMRP7yx9:FJvUo8b+9M2dfg0o/wKd5bkR9ZPZe

    Score
    1/10

    • Target

      Sounds/Drivers/NNSHttps/NNSHttps.sys

    • Size

      125KB

    • MD5

      887a6e211601dc15730e5f2d0bf4df30

    • SHA1

      70b505fa302be63507812c9fe1c006a32d0ae075

    • SHA256

      69b8e87b5fd7e86f18a019eb133b91bff2fd7e34314fde4c8f652bd7942017f7

    • SHA512

      4b793c0d6dba2490c325616dc3d656c755edd4c295953486657576fb0c1719df8e6147762e485463637f4433fa7d0c3492ff055bde2867f392fa4a6e38048990

    • SSDEEP

      3072:zDW3zAoNcfLpGv6gP/CJ+K8ni+cEMRjxJb:HWjAo+fLpsLPPhU

    Score
    1/10

    • Target

      Sounds/Drivers/NNSHttps/WVista/NNSHttps.sys

    • Size

      125KB

    • MD5

      1c75e0df00def2030a7ff496a5b945b6

    • SHA1

      79ccc0d74781d2c8bb29578160f6a16f28eaf8ff

    • SHA256

      310eeaf49ff346dbbf07ee4401e1ae60bd2f70c4c6b21abf7cc5a399aa1db5a1

    • SHA512

      33e4eb5e1d48f138cfe7d94390063d92faf37d68f66b1e210c56a7b0bba42475996e0a2858568f4d6c294f39903c21da261c9dcf313a87674ea7d5ad56683070

    • SSDEEP

      3072:XDW3zAoNcfLpGv6gP/CJ+K8ni+cEMRwn9xE:zWjAo+fLpsLPPhS

    Score
    1/10

    • Target

      Sounds/Drivers/NNSIds/NNSIds.sys

    • Size

      143KB

    • MD5

      e6370604cc9338c40d226d61de6c7d54

    • SHA1

      71d3199a5b417f7a903321c684d084e01c854cd6

    • SHA256

      b14759727200a42b25c4f411e03ff01201f76f35f7d1e2cb59f2c542075a9784

    • SHA512

      0cda50470ed487a68038f14cf483f028882f3e9fc20296d09f1ca6a6680ecaffdcd8751aa50337d067a4f8d219bc16927e4585d8d013dd562214ddca4f67c1c3

    • SSDEEP

      3072:u/etm3VYt+DQLYfjHQQ17gc1VPDkTlISxPs:u/etm3VYtdsJ7bgKt

    Score
    1/10

    • Target

      Sounds/Drivers/NNSIds/WVista/NNSIds.sys

    • Size

      142KB

    • MD5

      62802a135bdf46b22f35c9905421f3b3

    • SHA1

      17929073f24c768cd6084d2ec89ca3e4efec5d6d

    • SHA256

      25c73bca17db04f9539bb2b4b5e718c2876ac9770606acfda92476879eae671e

    • SHA512

      4acbc8b09e767b4a4abcd4bfbd73543f6f70195af34aa6b2b18e1f3b72e567d450be15ef3fa897353183623ec1108d8df6da8bf0c0f0386733cc760d3e3d4a1e

    • SSDEEP

      3072:ucetm3VYt+DQLYfjHQQ17gc1VPDkTl6B5xJ:ucetm3VYtdsJ7bgi

    Score
    1/10

    • Target

      Sounds/Drivers/NNSNHWFP/NNSNHWFP.sys

    • Size

      206KB

    • MD5

      0d390a7c3f7db2f150ecd33203bec3fd

    • SHA1

      f7dbe21d13d60214c944500ac8e81bb08bd69232

    • SHA256

      3d1b9feafce7ccd1f52b6ab031819dc0171c87808fec22556e252695dbd349b5

    • SHA512

      90438a7460c978bdfd0f3cfd9bf486c98bb0efda0538312fd04681f709d2d1c69f9f904337731f5c834a20590ad145f47b926dbcb84ee1a70e39022138370d5f

    • SSDEEP

      6144:Cz1ppXZaTwWPCopz7ng8N01owCb50NPxv9oqHw8t0W04oht7U8Yo+z8:ypJaTwtopng8N01owCb50NPxv9oqHw8I

    Score
    1/10

    • Target

      Sounds/Drivers/NNSNHWFP/W8/NNSNHWFP.sys

    • Size

      205KB

    • MD5

      b086de66625da8dab49e7cf8e253ec04

    • SHA1

      149e5123f59915ea42a30127b3a03c2809775d58

    • SHA256

      0f7b4f7d535157ee2546b2d33933ec89b5856597ee9dee85046a1bf3930b8c37

    • SHA512

      3e15af0602c465fc633839ace369a9e228ba09f1d37bc12dda8a48f4cde0796f623e8b2aceb6b25aec24abe8a184964a82f4740e398908c31aea33dd980ce443

    • SSDEEP

      6144:1z1ppXZaTwWPCopz7ng8N01owCb50NPxv9oqHw8t0W04oht7U8Yo+q:ppJaTwtopng8N01owCb50NPxv9oqHw8a

    Score
    1/10

    • Target

      Sounds/Drivers/NNSNahsL/W8/NNSNAHSL.sys

    • Size

      147KB

    • MD5

      fcab7abe8a60f19b6ffe88df7d4594f0

    • SHA1

      65a6cffc074bff36003d2be63cdbb03b0a8319c0

    • SHA256

      4b814163d49d05e72f8dd518158006ccb854ed03d98adef95f206703ca500507

    • SHA512

      89385e1603ef9a9e95b6026de3dda1673be67cff3774daf45efedb59b7dd278935ec698070fcb05ea88935762f948670b43f8d3727e3559fc5cee69190477b86

    • SSDEEP

      3072:6KQwTYdkzMWZ0wIDOmsycLmj5CPQMzkZsQ7Hd7jI2aZ0/ekV7feBh9PxE:1gWCwIqnPGHd7jck0B3i

    Score
    1/10

    • Target

      Sounds/Drivers/NNSPop3/NNSPop3.sys

    • Size

      134KB

    • MD5

      472e053ca5a4784eb16674d9971d8b32

    • SHA1

      1b5669bc52f405c6649623011dae02f7cfba91f2

    • SHA256

      ff8844bb121bde577f344680c4f6b7441760e4243187e26fe261eb0dabc21bf4

    • SHA512

      1b86d650bc9879c85bcda729b476daa5d14f4e2872d313b5a1f8f31a7e8417e6d1f3921d2ff36851f938c9de4d61766efee8022339cf2e57c2f93e5fd40b0c0c

    • SSDEEP

      3072:0k2RHlIdsxt49agKzw31P4uNNmh1YvQbOR16xwE:0kel9w31P43FZ

    Score
    1/10

    • Target

      Sounds/Drivers/NNSPop3/WVista/NNSPop3.sys

    • Size

      134KB

    • MD5

      8347e712bb4d547312581a3ccab4eacd

    • SHA1

      0ed815763fa439541ca9094ab7182b6209f43ab3

    • SHA256

      814e7fdf2a709ed818a15ad6f431b09ccf36d36fee40041bb6f10647c54fb0a2

    • SHA512

      cbbfbff6f610fb2e6c84cd7422b47a01c6f7ca693e43d1dff9d01ab3923953d40e9dabff21c9251fc843324941a746b95e37256cb5fdce27ce671462d8427d38

    • SSDEEP

      3072:ek2RHlIdsxt49agKzw31P4uNNmh1YvQbOR1uQrxD:ekel9w31P43F+

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate: 1 (T1130)

  • Modify Registry: 1 (T1112)

Credential Access

  • Credentials in Files: 3 (T1081)

Discovery

  • Query Registry: 2 (T1012)

  • System Information Discovery: 1 (T1082)

Collection

  • Data from Local System: 3 (T1005)

Tasks

static1

Score
3/10

behavioral1

vidar, 076239fffceeb88ff5fe3c82df6cb13b, spyware, stealer
Score
10/10

behavioral2

vidar, 076239fffceeb88ff5fe3c82df6cb13b, discovery, spyware, stealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10