General

  • Target

    LauncherPC_S0FT.zip

  • Size

    125.1MB

  • Sample

    240222-zlwebsfd83

  • MD5

    aab9d836e40219979272748e8b2c1021

  • SHA1

    14c4d1f1d76986f3d1d1f8eccf30872393408e4c

  • SHA256

    617fb3247090ea06850a68b7b287ef8f3f856859828c4009ea33bf9375575372

  • SHA512

    62580aa0d7e7bc2021d21767d064deb2849adab11b1a691f52ebbb37873c5082c60003e6f2701c4dd427adb439af5a675e06f207c5c76ad116272f8b765000d5

  • SSDEEP

    3145728:z8zevpmRpbeDA7d9E0+yHKgSxaLS2UbtvMYJ3p/NPaa:zbvpmRpbd7dznHKgSxx2gtvMYJ5/NPaa

Malware Config

Extracted

Family

vidar

C2

http://5.182.86.94:80

https://t.me/vookihhfds

https://t.me/secgoxrp

https://steamcommunity.com/profiles/76561199568528949

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:110.0) Gecko/20100101 Firefox/121.0
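The C2 list above mixes one direct address with Telegram and Steam profile URLs; Vidar is known to use such pages as dead-drop resolvers that point to the real backend, so they need different handling from a plain IP. The following is an added example written for this page (not the sandbox's own tooling) that turns the extracted config into tagged indicators, splits them into a host blocklist versus a URL watchlist, and flags the hard-coded user agent. The classification rules and the user-agent heuristic are my assumptions; the indicator values are copied from the report.

```python
"""Normalise the extracted Vidar config into actionable indicators.

Added example, not part of the sandbox report. Config values are copied from
the "Malware Config" section; the classification rules are assumptions.
"""
import re
from urllib.parse import urlparse

# Copied from the report.
C2_ENTRIES = [
    "http://5.182.86.94:80",
    "https://t.me/vookihhfds",
    "https://t.me/secgoxrp",
    "https://steamcommunity.com/profiles/76561199568528949",
]
USER_AGENT = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:110.0) "
              "Gecko/20100101 Firefox/121.0")

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
UA_RX = re.compile(r"rv:(\d+)(?:\.\d+)*\) Gecko/\d+ Firefox/(\d+)")


def classify(url):
    """Tag a config URL as a direct C2 or a dead-drop account (assumed taxonomy)."""
    p = urlparse(url)
    host = p.hostname or ""
    path = p.path.rstrip("/")
    if IPV4.match(host):
        port = p.port or (443 if p.scheme == "https" else 80)
        return {"type": "c2_direct", "value": host, "port": port, "url": url}
    if host == "t.me":
        # Telegram channel/user handle; the page text is what the stealer reads.
        return {"type": "dead_drop_telegram", "value": path.lstrip("/"), "url": url}
    if host.endswith("steamcommunity.com") and path.startswith("/profiles/"):
        # 64-bit SteamID of the profile used as a resolver.
        return {"type": "dead_drop_steam", "value": path.split("/")[2], "url": url}
    return {"type": "unknown", "value": host, "url": url}


def extract_indicators(entries=C2_ENTRIES):
    return [classify(u) for u in entries]


def split_actions(indicators):
    """Direct C2 hosts can be blocked outright. Dead-drop accounts live on
    shared platforms (t.me, steamcommunity.com), so blocking the host would
    cause collateral damage; those go to a full-URL watchlist instead."""
    block = sorted({i["value"] for i in indicators if i["type"] == "c2_direct"})
    watch = sorted(i["url"] for i in indicators if i["type"].startswith("dead_drop"))
    return block, watch


def ua_version_mismatch(ua):
    """Heuristic (assumption): genuine Firefox keeps the rv: token and the
    Firefox/ token in step, apart from a known compatibility freeze around
    110-119, so rv:110.0 paired with Firefox/121.0 suggests a hard-coded
    string worth hunting for in proxy logs. Returns (rv, firefox) on mismatch."""
    m = UA_RX.search(ua)
    if not m:
        return None
    rv, fx = int(m.group(1)), int(m.group(2))
    return (rv, fx) if rv != fx else None


if __name__ == "__main__":
    inds = extract_indicators()
    block, watch = split_actions(inds)
    print("block hosts:", block)
    print("watch URLs:", watch)
    print("UA mismatch:", ua_version_mismatch(USER_AGENT))
```

Pair the watchlist with an alert on any Windows process contacting t.me or steamcommunity.com with this exact user agent; the Mac/Firefox string coming from a Windows host is the stronger signal, and the resolver URL then tells you which sample family to expect.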

Targets

    • Target

      LauncherPC_S0FT/Set-up.exe

    • Size

      783.8MB

    • MD5

      fbe8ed195bd48fb454336c7b17e524d3

    • SHA1

      e11fee2e8965482450c4e6b7a44bf45492c3708d

    • SHA256

      0521cd6d3cc340abfe9f340b91987d840baddf8846d61a5a7d350d1968272b83

    • SHA512

      fd981a653447a5023a3cae15327fc0a4737cda12dcce25e638caf9e54a387578ecb4955eefc331a58b6f9da11188bb1bacddf252c9b0ba636389226dfda01ffa

    • SSDEEP

      393216:dpZbJIRQSoVL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eL0eLq:dSiSv

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
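The signatures above (geofence lookup, installed-software enumeration, FTP client config access, PE drop, self-deletion) are individually noisy: legitimate software enumerates the Uninstall key and reads the locale too. What makes them useful is co-occurrence in one process. The following added example (my code, not the sandbox's detection logic) correlates those behaviours per process over a constructed, Sysmon-like event stream. The event format, the exact registry and file paths matched, and the threshold are assumptions to tune against real telemetry.

```python
"""Per-process correlation of the behaviours listed in the report.

Added example; the telemetry below is constructed and the matched paths are
assumptions, not values taken from the sandbox run.
"""
import re
from collections import defaultdict

# Constructed events, flattened to "pid|event|image|target|detail".
# pid 4212 mimics the dropper; pid 9001 is a benign process doing two of the
# same lookups, to show why a single match must not fire.
EVENTS = r"""
4212|RegQueryValue|C:\Users\victim\Desktop\Set-up.exe|HKCU\Control Panel\International\Geo\Nation|
4212|RegEnumKey|C:\Users\victim\Desktop\Set-up.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
4212|RegEnumKey|C:\Users\victim\Desktop\Set-up.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall|
4212|FileRead|C:\Users\victim\Desktop\Set-up.exe|C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml|
4212|FileRead|C:\Users\victim\Desktop\Set-up.exe|C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml|
4212|FileWrite|C:\Users\victim\Desktop\Set-up.exe|C:\ProgramData\abcd\update.exe|MZ
4212|ProcessCreate|C:\Users\victim\Desktop\Set-up.exe|C:\Windows\System32\cmd.exe|cmd.exe /c timeout /t 10 & del /f /q "C:\Users\victim\Desktop\Set-up.exe"
9001|RegQueryValue|C:\Windows\explorer.exe|HKCU\Control Panel\International\Geo\Nation|
9001|RegEnumKey|C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
"""

# (behaviour, event type, field to inspect, pattern). Paths are assumptions.
RULES = [
    ("geofence_lookup", "RegQueryValue", "target",
     re.compile(r"\\Control Panel\\International\\|\\Control\\Nls\\", re.I)),
    ("installed_software_enum", "RegEnumKey", "target",
     re.compile(r"\\CurrentVersion\\Uninstall$", re.I)),
    ("ftp_client_config_read", "FileRead", "target",
     re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    # "detail" carries the first bytes written; an MZ header means a PE drop.
    ("pe_dropped", "FileWrite", "detail", re.compile(r"^MZ")),
]


def parse(text):
    events = []
    for line in text.strip().splitlines():
        pid, ev, image, target, detail = line.split("|", 4)
        events.append({"pid": int(pid), "event": ev, "image": image,
                       "target": target, "detail": detail})
    return events


def behaviours(events):
    """Map pid -> sorted list of distinct behaviours observed for it."""
    seen = defaultdict(set)
    for e in events:
        for name, ev, field, rx in RULES:
            if e["event"] == ev and rx.search(e[field]):
                seen[e["pid"]].add(name)
        # Self-deletion: the process spawns a shell that deletes its own image.
        if (e["event"] == "ProcessCreate"
                and re.search(r"\bdel\b", e["detail"], re.I)
                and e["image"].lower() in e["detail"].lower()):
            seen[e["pid"]].add("self_delete")
    return {pid: sorted(b) for pid, b in seen.items()}


def verdicts(events, threshold=3):
    """pid -> (flagged, behaviours). Threshold is an assumption; three or more
    of these in one process is rare outside stealers."""
    return {pid: (len(b) >= threshold, b) for pid, b in behaviours(events).items()}


if __name__ == "__main__":
    for pid, (flagged, b) in verdicts(parse(EVENTS)).items():
        print(pid, "FLAG" if flagged else "ok", b)
```

The self-deletion rule keys on the parent's own image path appearing in a `del` command line; Vidar-style droppers commonly do this through `cmd.exe` with a `timeout` delay, which is why the rule inspects the child's command line rather than the child's image.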

MITRE ATT&CK Enterprise v15
