General

  • Target

    1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541

  • Size

    5.5MB

  • Sample

    240330-tepqbahc7z

  • MD5

    e0dfc852c37571b8468b2d17f573a12f

  • SHA1

    38ec845f203450b7d6a51e9a441ab609b5ff1100

  • SHA256

    1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541

  • SHA512

    783c27474e39e99a4ab153f6d42f2b9808df2ebcd3b4299c0067ed9e21d635ba92505d21b96ccf512ca406a36ae9770ffce85e36842a9dac7a4ae87becdf35af

  • SSDEEP

    98304:Uuc009atEN5lsTu7vAcJnIQEUmM1nGGqJe2OUxulDhTCGiYbFr54L6Bid09VGg5Q:Uuc39a45lr7vR9nEi1nGGqQMuLWnOoLH

Malware Config

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks