vidar | f50e031d2aa1551821cf2a6b06d9c4d07d55338f9e78add942793ef25501ec49 | Triage

Submit
Reports

Overview

overview

Static

static

7

SetUpSoftw...19.exe

windows10-2004-x64

Sharing

General

Target

SetUpSoftwarePRO_v9.19.exe
Size

782.5MB
Sample

231029-3ljbjsbf73
MD5

18c43f4a88e3a6c1a4f243407954d39a
SHA1

593a9909a0c27f861926a95bf29f052bae7f7f0f
SHA256

f50e031d2aa1551821cf2a6b06d9c4d07d55338f9e78add942793ef25501ec49
SHA512

5119c7238c0d87776f7251724148efea76ff1b38d2b9871c3718fff27dc3d2ae672419ca120cb9ca1ebd5fe5eb658b65ac795d74d503772347af1c9acff40f2a
SSDEEP

196608:Uth6DSxeWtalCT6FViTKWxdXbkRQVkqiewdqAv2:UtWsJ8lCT6Fo7BYyVkTewFO

Score

10^/10

vidar f7893b40d11fea7da4c9eb28d53aaede discovery spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SetUpSoftwarePRO_v9.19.exe

Resource

win10v2004-20231023-en

vidar f7893b40d11fea7da4c9eb28d53aaede discovery spyware stealer vmprotect

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

vidar

Version

5.3

Botnet

f7893b40d11fea7da4c9eb28d53aaede

C2

https://steamcommunity.com/profiles/76561199544211655

http://5.42.79.33:80

https://t.me/vookihhfds

https://t.me/buukcay

Attributes

profile_id_v2
f7893b40d11fea7da4c9eb28d53aaede

Targets

- Target
  
  SetUpSoftwarePRO_v9.19.exe
- Size
  
  782.5MB
- MD5
  
  18c43f4a88e3a6c1a4f243407954d39a
- SHA1
  
  593a9909a0c27f861926a95bf29f052bae7f7f0f
- SHA256
  
  f50e031d2aa1551821cf2a6b06d9c4d07d55338f9e78add942793ef25501ec49
- SHA512
  
  5119c7238c0d87776f7251724148efea76ff1b38d2b9871c3718fff27dc3d2ae672419ca120cb9ca1ebd5fe5eb658b65ac795d74d503772347af1c9acff40f2a
- SSDEEP
  
  196608:Uth6DSxeWtalCT6FViTKWxdXbkRQVkqiewdqAv2:UtWsJ8lCT6Fo7BYyVkTewFO
Score

10^/10

vidar f7893b40d11fea7da4c9eb28d53aaede discovery spyware stealer vmprotect
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarf7893b40d11fea7da4c9eb28d53aaedediscoveryspywarestealervmprotect

© 2018-2024

Terms | Privacy