General
-
Target
Setup.exe.vir
-
Size
19.8MB
-
Sample
240628-sdaz4avejc
-
MD5
1e7360d144db1f0ff44b48114b1ff6b4
-
SHA1
e164a928226fc54535707069fee7f82b7a5b57cd
-
SHA256
c63d002506855885ef330524e7284a9c4b01ddb78f05db74f2dbfe6ab905190d
-
SHA512
f79aee721d7802c5aafbaf52e59a19f3360f00b6f3518f7daa99569118fcf7700c4aaba04a6398c1a7c2be4332bb83e19caaff3f1f7c50c9a7b460d77f5bfd6a
-
SSDEEP
196608:30bq45mmYPrOLaxhcFecFNOkX/Roslbo9KLD1B8NAJFq0eHH+tNJKAXkZ:kbq4o3jOLaeFDoCbL8NAJQ0e+tNUsk
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20240611-en
Malware Config
Extracted
vidar
https://aliszon.xyz
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets
-
-
Target
Setup.exe.vir
-
Size
19.8MB
-
MD5
1e7360d144db1f0ff44b48114b1ff6b4
-
SHA1
e164a928226fc54535707069fee7f82b7a5b57cd
-
SHA256
c63d002506855885ef330524e7284a9c4b01ddb78f05db74f2dbfe6ab905190d
-
SHA512
f79aee721d7802c5aafbaf52e59a19f3360f00b6f3518f7daa99569118fcf7700c4aaba04a6398c1a7c2be4332bb83e19caaff3f1f7c50c9a7b460d77f5bfd6a
-
SSDEEP
196608:30bq45mmYPrOLaxhcFecFNOkX/Roslbo9KLD1B8NAJFq0eHH+tNJKAXkZ:kbq4o3jOLaeFDoCbL8NAJQ0e+tNUsk
-
Detect Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-