General
- Target: file.ZIP
- Size: 15.3MB
- Sample: 240628-skftxsvfjb
- MD5: dcb4c2bfc6247acb9d5363616746d970
- SHA1: 772b0dc3e99ba3ad09149b0459a342aa87f56cf9
- SHA256: 83d63b96073af07804a73c76da2241a8cfc2fa8bb01fd0a82bdc2a10ba7d2964
- SHA512: 3d07317d5baba36d50e69fdb88d2f497c4ac87adbb70d787fd1256a0065f055eeb90e3741ef9876d72ec9bcbe423006a34adad764b7cabfc4d55c1dda8e40c94
- SSDEEP: 393216:D1nD9nDUpm6GBq8GT/TC8DAVvh6nMONoOhM3Qzf38zV:D1JR+/+8DAVvh6XvhJfu
Static task: static1

Malware Config
- Extracted family: vidar
- URLs:
  - https://t.me/g067n
  - https://steamcommunity.com/profiles/76561199707802586
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
- Target: Setup.exe
- Size: 675.6MB
- MD5: acc3282f8baa586c256c7c1b6ff4522c
- SHA1: 463d8ed383ad2a36a9df93dfefa493a2a95f4445
- SHA256: 2d4a3b606626c54ef71e06abab01fb69a3ff26e8c7d5322c12511e5d8bd52dc4
- SHA512: e9e7321bde05e5e0f882bdd99695990dae509c24a168f017f8b83b332d350d8662e81bc380cae64730d9eeb6bccbd6a2c2a6a6aedace7a51483b4251a49ca2ed
- SSDEEP: 196608:i0bq45mmYPrOLaxhWJVXdgvY23Jj/W5PCtLwFRpeZApj6bZy3yIhoR0LrLBsyyS3:bbq4o3jOLaSbKY2N/6CNyRp9j6bI
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext