General

  • Target

    Lauucher-PC_S0FTv2O24.rar

  • Size

    123.0MB

  • Sample

    240229-vn9brafc4z

  • MD5

    85ae2bb9a48d19eb1e251e4c639623b4

  • SHA1

    2d5bd9af080ca22df3c9349fbb763e8f306b50f4

  • SHA256

    c40ca1b97583129f36b23afbf631cea540956a2de185b3a0e62feea244bd23a2

  • SHA512

    ecb320c7837300737fc47148a6d2eba52fe7a1f285e7a91510b92fec27aa042bbeef7e8b6fbe64166c9356ec30a63d305ca40004572dc3cec57b848a7f6796da

  • SSDEEP

    3145728:JBlgdsv/MHqp/BMCgpnlBIeHSHK0xkOeCbJfxS2C4CeGcsxabBx:JLmsv/cqpZMCSlO6wk5CbJfxLC8jsxaT

Malware Config

Extracted

Family

vidar

Version

7.8

Botnet

97b92d10859a319d8736cd53ff3f8868

C2

http://5.252.118.12:80

https://t.me/voolkisms

https://t.me/karl3on

https://steamcommunity.com/profiles/76561199637071579

Attributes
  • profile_id_v2

    97b92d10859a319d8736cd53ff3f8868

  • user_agent

    Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks