General

  • Target

    Setup.exe.vir

  • Size

    19.8MB

  • Sample

    240628-sdaz4avejc

  • MD5

    1e7360d144db1f0ff44b48114b1ff6b4

  • SHA1

    e164a928226fc54535707069fee7f82b7a5b57cd

  • SHA256

    c63d002506855885ef330524e7284a9c4b01ddb78f05db74f2dbfe6ab905190d

  • SHA512

    f79aee721d7802c5aafbaf52e59a19f3360f00b6f3518f7daa99569118fcf7700c4aaba04a6398c1a7c2be4332bb83e19caaff3f1f7c50c9a7b460d77f5bfd6a

  • SSDEEP

    196608:30bq45mmYPrOLaxhcFecFNOkX/Roslbo9KLD1B8NAJFq0eHH+tNJKAXkZ:kbq4o3jOLaeFDoCbL8NAJQ0e+tNUsk

Malware Config

Extracted

Family

vidar

C2

https://aliszon.xyz

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks