General
Target: Setup.zip
Size: 14.4MB
Sample: 240628-sybr5ayckn
MD5: b46a5a69182489de8e5e68e4716fd3d4
SHA1: b97a052a5828080b3ce0c148983289ea2a28891b
SHA256: 44b0511ca68363333e3e0dd4ea4bc6394ec4db23ad353fe9922e1d9de3a583df
SHA512: f89b30558e3c0880f82a244d0a914b53db8ba8ed3d6dc6c9aa32e4922504ac7292acb9ad9a5b2263e82c4f176f0f04ed19b2a49e789b6e0c2e2e8e2ce0ca83f7
SSDEEP: 393216:Bk4aC47BFlUf6BRmDFOn/qN+4is49hflp0GV6n1he:WdC077qN+4Dmd6GEe
Static task: static1
Behavioral task: behavioral1
  Sample: Setup.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Setup.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted family: vidar
C2 (dead-drop resolvers):
  https://t.me/g067n
  https://steamcommunity.com/profiles/76561199707802586
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Neither URL is the C2 itself. Vidar carries only these dead-drop locations and reads the live C2 address from the Telegram channel description or the Steam profile name at run time, so the operator can rotate infrastructure without rebuilding the sample. Blocking the two URLs cuts the sample off from its resolver but does not identify the final C2 host; that has to be read from the pages (or from network capture) at the time of analysis. The user_agent value is the string the sample sends when it fetches the pages.
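Resolving the dead drops offline, as an added example that is not part of the sandbox report or of Vidar's own code. It parses constructed copies of the two page types named above rather than fetching them. Three things are assumptions, not taken from the report: that the Steam page carries the profile name in a `<span class="actual_persona_name">` element, that the Telegram preview page carries the channel description in a `<div class="tgme_page_description">` element, and that the operator writes the C2 as an http(s) URL terminated by a `|` character. The IP addresses in the sample pages are documentation ranges, constructed for the example.

```python
"""Extract a Vidar-style C2 from constructed dead-drop pages (offline)."""
import re
from html import unescape
from typing import List, Optional

# Constructed stand-ins for the Steam profile and Telegram channel pages.
# They are not fetched and not the real content of the URLs in the report.
STEAM_PAGE = """<html><body>
<div class="profile_header">
  <span class="actual_persona_name">http://203.0.113.10|</span>
</div></body></html>"""

TELEGRAM_PAGE = """<html><body>
<div class="tgme_page_description">https://198.51.100.7:8080|</div>
</body></html>"""

# A profile whose name is not a C2 marker: the resolver must return nothing.
BENIGN_STEAM_PAGE = """<html><body>
<span class="actual_persona_name">Gamer42</span>
</body></html>"""

# Assumed element per dead-drop type (the field the stealer reads).
_FIELD_PATTERNS = {
    "steam": re.compile(r'<span class="actual_persona_name">(.*?)</span>', re.S),
    "telegram": re.compile(r'<div class="tgme_page_description[^"]*">(.*?)</div>', re.S),
}

# Assumed encoding: an http(s) URL (host, optional port) followed by '|'.
_C2_RE = re.compile(r"(https?://[A-Za-z0-9.\-]+(?::\d{1,5})?)\|")


def dead_drop_field(page_html: str, source: str) -> Optional[str]:
    """Return the raw text of the field the stealer reads, or None if absent."""
    m = _FIELD_PATTERNS[source].search(page_html)
    return unescape(m.group(1)).strip() if m else None


def extract_c2(field_text: str) -> List[str]:
    """Pull every '|'-terminated http(s) URL out of the field text."""
    return _C2_RE.findall(field_text)


def resolve(page_html: str, source: str) -> List[str]:
    """Full resolver: locate the field, then extract C2 URLs from it."""
    field = dead_drop_field(page_html, source)
    return extract_c2(field) if field else []


if __name__ == "__main__":
    for src, page in (("steam", STEAM_PAGE), ("telegram", TELEGRAM_PAGE),
                      ("steam", BENIGN_STEAM_PAGE)):
        print(src, resolve(page, src))
```

When run against live pages, fetch them with the report's user_agent and keep the raw HTML alongside the extracted value, since the operator can change the profile name at any time and the page content is the only evidence of what the C2 was at the time of analysis.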
Targets
Target: Setup.exe
Size: 675.4MB
MD5: 14cf56e3094e94a6bcd9f1b18c2e9726
SHA1: b4d6a5f8f6cc0429c02d5b9d0be1e29172010d3c
SHA256: e42c58c29931bee78061436503afbbef40e74c43da2c6291e0e09213add1c5e6
SHA512: 122f873501c376615139f7387c33cc533b83af4555f92fe0c09fcca837fdc1f3af2a3659f44c037748b06c613d014160304cf487eb68c154086f0d3749292e65
SSDEEP: 196608:L0bq45mmYPrOLaxhyEjILWjDLGfCYZmJu9JgU04IcW7fIxOntw93/sDF1kIQyXjX:obq4o3jOLaXILWfSbg

The 675.4MB executable comes out of a 14.4MB archive. A compression ratio that high is consistent with the binary being inflated with repetitive padding, a common trick for staying above the file-size limits of scanners and sandbox uploaders; the report does not state this explicitly, so confirm it by inspecting the overlay. The digests above cover the full padded image, so hash the whole file when matching against them rather than a trimmed copy.
Signatures
Detect Vidar Stealer
Downloads MZ/PE file
  A second executable is fetched at run time; the payload on disk is not the whole chain.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
  Commonly seen when code is written into another (often suspended) process and its thread's entry point is redirected; read it together with the dropped-EXE and dropped-DLL events to find the process that hosts the injected stage.
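The signatures above map directly onto host telemetry. The following is an added example, not sandbox output and not the sandbox's own rules: it runs a few constructed Sysmon-style events through one indicator per signature and flags the process that trips several at once. The registry paths, wallet directories, temp-folder pattern and API name used as indicators are assumptions about what each signature keys on, and the event lines are constructed.

```python
"""Check constructed endpoint telemetry for the behaviours the sandbox flagged."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed events in a simplified "operation|process|target" form. They are
# not sandbox output; they stand in for the Sysmon/EDR records you would pull
# for the Setup.exe process tree.
EVENTS = [
    r"RegQueryValue|Setup.exe|HKCU\Control Panel\International\Geo\Nation",
    r"RegEnumKey|Setup.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"FileRead|Setup.exe|C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"FileRead|Setup.exe|C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet",
    r"ProcessCreate|Setup.exe|C:\Users\u\AppData\Local\Temp\stage2.exe",
    r"ApiCall|Setup.exe|SetThreadContext",
    r"FileRead|explorer.exe|C:\Users\u\Documents\notes.txt",
    r"RegQueryValue|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
]

# One indicator per signature: (operation, pattern on the target). The paths
# and names are assumptions about what the sandbox signature keys on.
RULES = {
    "geofence_check": ("RegQueryValue",
        re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    "installed_software_enum": ("RegEnumKey",
        re.compile(r"\\CurrentVersion\\Uninstall$", re.I)),
    "wallet_access": ("FileRead",
        re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Litecoin|Monero)\\", re.I)),
    "dropped_exe_executed": ("ProcessCreate",
        re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I)),
    "thread_context_tamper": ("ApiCall",
        re.compile(r"^SetThreadContext$")),
}


def evaluate(events: Iterable[str]) -> Dict[str, Set[str]]:
    """Map each process to the set of signature names its events trigger."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in events:
        op, proc, target = line.split("|", 2)
        for name, (want_op, pattern) in RULES.items():
            if op == want_op and pattern.search(target):
                hits[proc].add(name)
    return dict(hits)


def stealer_candidates(hits: Dict[str, Set[str]], threshold: int = 3) -> List[str]:
    """Processes tripping at least `threshold` distinct signatures.

    A single hit is ordinary (installers enumerate the Uninstall key, locale
    code reads a Geo value); the combination across categories is what
    separates a stealer from normal software.
    """
    return sorted(p for p, names in hits.items() if len(names) >= threshold)


if __name__ == "__main__":
    results = evaluate(EVENTS)
    for proc, names in results.items():
        print(proc, sorted(names))
    print("candidates:", stealer_candidates(results))
```

The threshold is deliberate: any one of these behaviours appears in legitimate software, so alert on the co-occurrence within one process (or process tree) rather than on the individual registry or file event.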