General

  • Target: LauncherPC_S0FT.zip
  • Size: 241.2MB
  • Sample: 240222-zfyx9sfd32
  • MD5: 3c36c1c97de2f4b39e8c0f57c57401c0
  • SHA1: 4878af704b3307e5328665cd9bfd02f386303f65
  • SHA256: 0fe4d71e5a2794035fb085ff7b79b4752c6f35d46c28d2480beb0eba41016552
  • SHA512: 847997ae94bdac180a393f83d3b17a87d6af509f6771ca8f04d37f8856415acde8c79bdf75a85165e856db56bed38d117209bb19bd3e6a3215a006493321cffc
  • SSDEEP: 6291456:NHKZ+JueguLwfunO2W/ToM7Z5R6OPY9AZQ6C+t8b2qCRSbvpmRpbd7dznHKgSxxw:NHKZQLgEwfajW7okvRDQCQL+mb2qhmX1

Malware Config

Extracted

  • Family: vidar
  • C2:
    http://5.182.86.94:80
    https://t.me/vookihhfds
    https://t.me/secgoxrp
    https://steamcommunity.com/profiles/76561199568528949
  • Attributes
    • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:110.0) Gecko/20100101 Firefox/121.0

Targets

    • Target: LauncherPC_S0FT/Set-up.exe
    • Size: 597.9MB
    • MD5: 8a30291c653f6b3c4f7c7c04df07ff49
    • SHA1: ba241086d27312c723750b79a37f339874007dba
    • SHA256: 2402aa5e5f77a7e485c31c134770b9ff4be70c9038b634f745694d6cd02a01d1
    • SHA512: 1f67a07fe479b35782e65d431777d201471fd6e3ac0849e673932f789d7bcde1e69b19a2e4b7a4f1047fe732648f80e9218d256068de8e0fe7f1c9a8290866c0
    • SSDEEP: 393216:dpZbJIRQSoVL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eLT:dSiSG

    • Detect Vidar Stealer
    • Vidar
      Vidar is an infostealer based on the Arkei stealer.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
