privateloader | d8131a60bf70c99748e74fead61392321b0b899a080d2b2d30e09980cc363de8 | Triage

Submit
Reports

Overview

overview

Static

static

1

ViddlySetup.exe

windows7-x64

4

ViddlySetup.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ViddlySetup.exe
Size

279.4MB
Sample

240430-xv9xzafg76
MD5

0cf231558b5f86b92c59c2bcfdc53df3
SHA1

c4dd104e46b55b6e5e852018661bd2b56dbd8761
SHA256

d8131a60bf70c99748e74fead61392321b0b899a080d2b2d30e09980cc363de8
SHA512

305530185971b77d46a62c1f9bcfb83f44d27db571408570e6c3e80134c287f152c8c00369edbdc285acd1dbb42fe340007f96bdc81f222e672c35d31b255990
SSDEEP

6291456:bL53o6uWPiTavCnZ/lqeeNoCF8qZpyoNFCgMJ:nBoJWC1xeNkqrnN0J

Score

10^/10

privateloader vidar discovery loader persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

ViddlySetup.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ViddlySetup.exe

Resource

win10v2004-20240419-en

privateloader vidar discovery loader persistence stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ViddlySetup.exe
- Size
  
  279.4MB
- MD5
  
  0cf231558b5f86b92c59c2bcfdc53df3
- SHA1
  
  c4dd104e46b55b6e5e852018661bd2b56dbd8761
- SHA256
  
  d8131a60bf70c99748e74fead61392321b0b899a080d2b2d30e09980cc363de8
- SHA512
  
  305530185971b77d46a62c1f9bcfb83f44d27db571408570e6c3e80134c287f152c8c00369edbdc285acd1dbb42fe340007f96bdc81f222e672c35d31b255990
- SSDEEP
  
  6291456:bL53o6uWPiTavCnZ/lqeeNoCF8qZpyoNFCgMJ:nBoJWC1xeNkqrnN0J
Score

10^/10

privateloader vidar discovery loader persistence stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

privateloadervidardiscoveryloaderpersistencestealer

© 2018-2025

Terms | Privacy