Overview

overview

10

Static

static

7

TradingVie...mb.exe

windows10-2004-x64

1

TradingVie...mb.exe

windows11-21h2-x64

1

TradingVie...k).exe

windows10-2004-x64

10

TradingVie...k).exe

windows11-21h2-x64

10

TradingVie...er.exe

windows10-2004-x64

TradingVie...er.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TradingView_Premium_pack.zip

  • Size

    55.4MB

  • Sample

    240426-2hezaaed2z

  • MD5

    ae72a0cb410c0ba716bb1235286bd73f

  • SHA1

    1c455d7983fb7a6cba3473427c9b2102fb84be79

  • SHA256

    8c9b3548fa5600a27cf9e6d7ffd7c0502c4395cb82b85d87ff7c5bcb3acb459a

  • SHA512

    cc6807ae911cb0b79b1d245a85c57b7e589bf573209c725a599801679bee41a483aafc8023718ba33ea7960a9f6c02265e621a043d9997a5394a89fa29abcba3

  • SSDEEP

    1572864:pG++vdl/DIOpxoVNeFJQ7r3TbdJFxjQRlX5fJo0uJtYDxV:pGpdtIOnsieFNQRdbo0gODb

Score
10/10
vidarevasionstealerthemidatrojan

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Targets

    • Target

      TradingView_Premium_pack_(password-github)/Rmb.dll

    • Size

      550KB

    • MD5

      8b23fb9dd8cdf72b7c8a598fe9e1336c

    • SHA1

      1e006bc7b3874d1cdd409cf40f5766ab2b61c19e

    • SHA256

      8d11e254e2aca73da95da065cf2e548198a9594f11a72c5b21fad5086491e35b

    • SHA512

      0e4e380fbb4dffa03b7c65756c634d4726ea104f1693ed2ad405322e0b78f8fc583c83bcb67ca5c63fec695fa4ca22bd5b5edb814e24c918f5ab7766104ea91f

    • SSDEEP

      12288:1l9womI1TtxwsCc+b78SVdidzMsd1zX3XE/:tmQxwRbjVTq1H2

    Score
    1/10
    behavioral1behavioral2

    • Target

      TradingView_Premium_pack_(password-github)/TradingView (Premium pack).exe

    • Size

      781.3MB

    • MD5

      4a4c83f97addc8204586bfacbaca6987

    • SHA1

      f1e16bffb10a444e73fa2b067370b296e21012ce

    • SHA256

      f097f5148b93a8700a41eb68e8b55d907e19de539b2b3b95d388241ef5bf87b5

    • SHA512

      d773d6235bc1bf0f6159f5442f42cd2666789c463c68908a86449e25fa099e6888943113c9e1e7b07472a34579ad0b77dab0cbdba91af22742e4b78a26b2ac92

    • SSDEEP

      98304:P/HQRYdTPnFhcZA9FNeNH35kIoTiIbHE7L7M1TZB0jB7co8NLlWqYFp34r+0V+6s:P/8mTPbcaheNXKS6E7L7+j0d4oylWG+f

    Score
    10/10
    vidarevasionstealerthemidatrojan

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      TradingView_Premium_pack_(password-github)/analyzer.dll

    • Size

      633KB

    • MD5

      d10436f1338e2e29688fbf45abc2060e

    • SHA1

      eae8be254e7616cf7cb4fab7184c2176ae3b26a3

    • SHA256

      4d2c54fdb342ac5d5742afa2b2552040d29b43071f73b8366682acfbeeed58de

    • SHA512

      703bde24b0b9305a2582fe052d1c5010387cce49575f917b076f954e4777351aaff20e9a0914e192b8c1e69358b75a99abab640fd957199381d6fe6d5a877170

    • SSDEEP

      6144:of+cfRfAw8eDJIRrRyZsFaMNbhkN2R21ePCm8x1USZ7baiO9vDUdGCRpP:CtZdDJIRFy6NbJwlm8x+S7O97UQmP

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks