General

  • Target

    Lauucher-PC_S0FTv2O24.rar

  • Size

    123.0MB

  • Sample

    240229-x4d7naaf47

  • MD5

    c130523b4962aa3c7517a784562d0e8f

  • SHA1

    752dc31901bb8390af8c96becec17b4ee07e875f

  • SHA256

    a182666689dc10319581f2f424448623bb6ce27f6f219a44c7276439ec08d8f8

  • SHA512

    aad06781d30680720dc980db0e4219a51816ff23efa7a61cb0de32215d3bcd6c632b7704138117fbdba79665782a4607cf91420508e8d05c44e69732f0b7fd3e

  • SSDEEP

    3145728:Um1rnXqvbk4LHoW8TWAl422U4vqhNtCCV6wG:UoL6TDToZTzam8+NtCCS

Malware Config

Extracted

  • Family

    vidar

  • Version

    7.8

  • Botnet

    97b92d10859a319d8736cd53ff3f8868

  • C2

    http://5.252.118.12:80
    https://t.me/voolkisms
    https://t.me/karl3on
    https://steamcommunity.com/profiles/76561199637071579

Attributes
  • profile_id_v2

    97b92d10859a319d8736cd53ff3f8868

  • user_agent

    Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Targets


    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • T1012 Query Registry (4)

  • T1082 System Information Discovery (5)

  • T1120 Peripheral Device Discovery (2)

Tasks