General

  • Target

    Adobe.After.Effects.2024.v24.1.0.78.rar

  • Size

    169.9MB

  • Sample

    240331-tmym7afb56

  • MD5

    9e1eeb3de612515403f1116ca3ff43fe

  • SHA1

    ef3b3b0ada892169f0b482f8f95cb78d4462ef26

  • SHA256

    c16fa42dd6874f4af0b195a46d93191cb22a4d4ab078aa91b6e4e1d6e7c86858

  • SHA512

    c14435bdbd62bd7c16387b2c247e3c641d22b7d4d650a8ef7498d47aad1042660def9d5690f396282bc91cb538ca86a8b0b7c215eda2cea099434cfd90149542

  • SSDEEP

    3145728:wFpn/31P6ZETQy6f8lONInnV5Sg9ueQ7j6vvCgfV3erzNORNC6kv:on/liQhlON4nF9dYjDg9erRp

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

(Both URLs are dead-drop resolvers rather than the final C2: Vidar fetches these public profile pages and reads the actual C2 address from the profile text, so the real server can be rotated without rebuilding the sample.)

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
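
The two C2 URLs and the hard-coded User-Agent above are the most actionable network indicators in this report: the sample runs on Windows but fetches its dead drops with a macOS Chrome User-Agent. The script below is an added example, not part of the sandbox report, that hunts for both signals over HTTP proxy logs. The log format (tab-separated timestamp, client host, inventoried client OS, User-Agent, URL) and the log lines are constructed for the example; the URLs and User-Agent string are the ones extracted above.

```python
"""Hunt for the Vidar dead-drop traffic from this report in HTTP proxy logs.

Added example, not part of the sandbox report. The log format is a constructed,
simplified proxy line: timestamp, client host, client OS, user-agent, url
(tab-separated). Only the URLs and User-Agent come from the report.
"""
from urllib.parse import urlparse

# Dead-drop resolvers from the report's "C2" section.
DEAD_DROPS = {
    "https://steamcommunity.com/profiles/76561199658817715",
    "https://t.me/sa9ok",
}

# User-Agent from the report's "Attributes" section (a macOS Chrome UA,
# although the sample itself runs on Windows).
VIDAR_UA = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
)

# Constructed sample log lines (not from the report). Line 3 is a real Mac
# browsing Steam; line 4 is a Windows browser opening the profile page with a
# trailing slash, which must still match after URL normalisation.
SAMPLE_LOG = """\
2024-03-31T14:02:11Z\tWS-0412\twindows\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\thttps://steamcommunity.com/profiles/76561199658817715
2024-03-31T14:02:12Z\tWS-0412\twindows\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\thttps://t.me/sa9ok
2024-03-31T14:05:40Z\tMB-0077\tmacos\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\thttps://steamcommunity.com/app/730
2024-03-31T14:07:03Z\tWS-0199\twindows\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\thttps://steamcommunity.com/profiles/76561199658817715/
"""


def normalize_url(url: str) -> str:
    """Canonicalise scheme/host case, drop query/fragment and trailing slash,
    so that cosmetic variants of a dead-drop URL still match the IOC set."""
    p = urlparse(url.strip())
    path = p.path.rstrip("/") or "/"
    return f"{p.scheme.lower()}://{p.netloc.lower()}{path}"


DEAD_DROP_KEYS = {normalize_url(u) for u in DEAD_DROPS}


def classify(line: str) -> dict:
    """Return the match reasons for a single proxy log line."""
    ts, host, os_name, ua, url = line.rstrip("\n").split("\t")
    reasons = []
    if normalize_url(url) in DEAD_DROP_KEYS:
        reasons.append("dead_drop_url")
    # The report's UA claims macOS; seeing it from a non-macOS client is a
    # strong hint that a non-browser process (the stealer) sent the request.
    if ua == VIDAR_UA and os_name.lower() != "macos":
        reasons.append("ua_os_mismatch")
    if len(reasons) == 2:
        severity = "high"
    elif reasons == ["dead_drop_url"]:
        severity = "medium"   # could be a human opening the profile page
    elif reasons:
        severity = "low"
    else:
        severity = None
    return {"ts": ts, "host": host, "url": url,
            "reasons": reasons, "severity": severity}


def hunt(log_text: str) -> list:
    """Run classify() over every log line and keep only the matches."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = classify(line)
        if rec["reasons"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h["severity"], h["ts"], h["host"], ",".join(h["reasons"]), h["url"])
```

On the constructed log, the two requests from WS-0412 score "high" (dead-drop URL plus the macOS UA from a Windows host), the genuine Mac on MB-0077 is not flagged at all, and the Windows browser on WS-0199 that merely opened the profile page scores "medium"; that last case is why the User-Agent mismatch is worth keeping as a second, independent signal rather than alerting on the URL alone.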

Targets

    • Target

      Adobe.After.Effects.2024.v24.1.0.78.rar

    Score
    10/10
    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the stealer exits on hosts in the operator's excluded countries.

    • Executes dropped EXE
