General
-
Target
http://mf.dwnldro.com/fs/Y2LwSpNg8s
-
Sample
240423-dv1vhscc46
Score
10/10
Malware Config
Extracted
Family
vidar
Botnet
048d5e906358321b51376c6237a65c77
C2
https://redddog.xyz
https://steamcommunity.com/profiles/76561199677575543
https://t.me/snsb82
Attributes
-
profile_id_v2
048d5e906358321b51376c6237a65c77
-
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets
-
-
Target
http://mf.dwnldro.com/fs/Y2LwSpNg8s
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Suspicious use of SetThreadContext
-