General

  • Target: TS-240418-UF1.7z
  • Size: 698KB
  • Sample: 240418-jgs6eafa57
  • MD5: 656cbe81ffb3e2c4deae49a1e7ba7431
  • SHA1: f5c6d8974a1709bfbd32b5a1540949b691463efb
  • SHA256: b693608e153752a43200fcd3badbd97a1ce962fd91062ddf0c6234a98839a022
  • SHA512: 33a9695126331b31f6305d119b8b0fa0ecaf661a41653771ceced8b0bddda33e957307a8a0dc23457c10f58c4a420d75b72eb7def1b687d80a7023b4cf483a6e
  • SSDEEP: 12288:hwuRsRZNh89nlhCyLWSLcl20I+GryMclvQMgOnR6k83AwqKx4h7Q:hlsPNWncDzYIGryMcDLnx8wLKOU

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199673019888

https://t.me/irfail

Attributes

  • user_agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0

Targets

    • Target: TS-240418-UF1.exe
    • Size: 721KB
    • MD5: 0b6364f10436936f66d7321d5777e8ae
    • SHA1: 2975c89ccdca685ad0b17f2f47b798621bc8ec3b
    • SHA256: 7647f25c56f9e3edada954cbd8238375b8d6af1b008539adeb9ca74fe75d4fbe
    • SHA512: 11d1cf361d79b89d82066c755d73c366e010ffcb5ccf46b0264292d9bd8549580fa38fd1b2e08ef3f86895c5193e245e0e6cea646c22277765fc1abeb132757d
    • SSDEEP: 12288:eb0WtNQNREpNVShGA7k15z+U0rdr07YO2lcsH0BKODLE8vUiDwjHZfTf:eb0Ws/EYrG+XKYOgRUBzLjvUawj5fT

    Score
    10/10

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target: $INTERNET_CACHE/Templates
    • Size: 227KB
    • MD5: e8edffee088cae0cd66ea3cb5fb1f3f3
    • SHA1: 03653dfa12c5278ea91a80dba552976cfc2a8a05
    • SHA256: c1e8d201350dbc6137f0966e2cef99be193a7ce7976d52d6f0e34ced3485b723
    • SHA512: 31c308b2685ce1dbbf4ad2bc8b89fabf0af5784dc19e4202a100186e946fd9a4ae651035e3afd4283479e248d64b16c6ff12d9ca09c1e23709e9c9e879363aef
    • SSDEEP: 3072:6SW9SySolRqusq4UzB9crB7Uxi7OaGoEoqoJyJtTBn6:6SW9SySovqusqZzB9SB73VgtF6

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks