Resubmissions

29-06-2024 16:17

240629-trq4xatgln 3

29-06-2024 13:52

240629-q6hjja1hql 10

General

  • Target

    #!~#SETuP_2030_P@$SC0DE!~!!~.rar

  • Size

    12.4MB

  • Sample

    240629-q6hjja1hql

  • MD5

    b8aa1f6dc1e996db222883d740dda7e0

  • SHA1

    f6ea1f7d1d639dbe2df3877673c6272c7aa5dc05

  • SHA256

    c0db0838558c6028faaed090bdf739d2e3a5a8cddccb15e57a9508468936b50d

  • SHA512

    cbee8b2feedfb7fba3076da3c64cbeda6ae67c3388acc9702103f6a8b0fdd4b7ef3af877128acb6db21100937c1548e6eb4396e01189194227acc761dc58c32b

  • SSDEEP

    393216:yQR+NnLHiSUSBRb504oZMQs+ZwpFMgV+Te1wHZ:y/ziSUqovWQYzMgV+CSHZ

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

    • Target

      #!~#SETuP_2030_P@$SC0DE!~!!~.rar

    • Size

      12.4MB

    • MD5

      b8aa1f6dc1e996db222883d740dda7e0

    • SHA1

      f6ea1f7d1d639dbe2df3877673c6272c7aa5dc05

    • SHA256

      c0db0838558c6028faaed090bdf739d2e3a5a8cddccb15e57a9508468936b50d

    • SHA512

      cbee8b2feedfb7fba3076da3c64cbeda6ae67c3388acc9702103f6a8b0fdd4b7ef3af877128acb6db21100937c1548e6eb4396e01189194227acc761dc58c32b

    • SSDEEP

      393216:yQR+NnLHiSUSBRb504oZMQs+ZwpFMgV+Te1wHZ:y/ziSUqovWQYzMgV+CSHZ

    Score
    3/10
    • Target

      Setup.exe

    • Size

      40.0MB

    • MD5

      36408e074e73dd9c328bfbddebe68c3e

    • SHA1

      883d5d71e3adba2962eb84f42b5687dde8f1a442

    • SHA256

      8c984d1cd3cdcfa53d735568c02ec35e0b7104da679442c275329e0748423d38

    • SHA512

      99bec46233b4361b22e3b51a999b00c03052b6ddd7c035b80a65f5c08a3b81473c68be8d39a0415d2ea8966565e94a35b623e3ab8dc6a1ea6abc5c17e4910333

    • SSDEEP

      98304:F9sgNLBXKolKOUnOqoDJA669v/XH5bPGroIk:F6gdTMrKJAJlJzD

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      autocompletion/libraries/libraries~00299a408.js

    • Size

      609KB

    • MD5

      be9e2a3ebb4ee556764829e8eefb5a91

    • SHA1

      70db765a74ee9da498fcaa249ecde81e5e7bc767

    • SHA256

      76f03b849861ea77751d1ad402d5972c43f5d18b1208fccf9ade3622e2d2defc

    • SHA512

      42f688a542d4e4352005c8ebefc5fabfa031a6826dc6982af9548c6299727e6020daade43e09afbf5635af7ed70c67cb39f9b07499f3c62b1a0f3cc9c7659731

    • SSDEEP

      6144:+xNl2sveefznMvtASMJAhOtT521/koRUzpVZyr0NLWSMWVf:RWMrsAhOtIcoyjdVf

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~13bdaad06.js

    • Size

      92KB

    • MD5

      0b7512ee85cdf828ea62d3a840257372

    • SHA1

      c7a0074a8d6ba9d1530dfa8f1156892b0d97570e

    • SHA256

      3de5135e14e66b1446187903ac4e0a20a7cf7b4eda85d87e95cd8ddbb9933d34

    • SHA512

      f40b2878481544bcba57b187ae928c8ff9b1c7753f574d9450d7b0928bf6be43f7472bbdca45b1e42163a62146f991b1f4a6357d5b427e929a0721f1617ae809

    • SSDEEP

      1536:a6C3/VVQYEHCy23quSi7wZYoSYQOYO1WE8RXCQRuqo0:ieCy23quSi7MSYWqqh

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~1e47f672e.js

    • Size

      84KB

    • MD5

      2b73f264be2cc723a3d4fe7ebef2b49b

    • SHA1

      0a2709b2aafcb3eb4676a3a35a4da61c37cb6825

    • SHA256

      27d16a57e9c4b37c792c1c71f15ef8d30e51cdd0bfea68c36c11774c935a338f

    • SHA512

      8f7a509bee4d93f2a40f7e545e1f5f914141c659196126d15ef728d7d2920432fb5eef859ea99f6a661370277299d11fa70406b85ac485c047ca34e37af79733

    • SSDEEP

      1536:hLO4iNVcWTzOaKzRgw1Ieo7MMlKyymm4Edl8ufQ:NONnTzOaKzRgw1IeoIMlKylmNdCufQ

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~32b5733f1.js

    • Size

      88KB

    • MD5

      65a165e8b9e58e8233675361497df6a1

    • SHA1

      32c33b3c89bb8392c0338291c027eb7c2038042e

    • SHA256

      768f9bf3834a231f5c3235c199090ac5818ed14467bf1785726241727f16f8ef

    • SHA512

      b5a999d91ad9683499052cb004b8bde16bbf84f57f3a04890f57ef58f2b26d2f8042097f020afdd15980538c2eca4ae7a958bce61b952c49c1916f27d1702ab4

    • SSDEEP

      1536:MsRqQoWwhlvrWFtS+wedDc3M8h8wMbADhOu+hA83Q69R2U:wDrWFt7wedDc3M8h8wMbAdOuI93vRx

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~a5790b328.js

    • Size

      90KB

    • MD5

      520054ea5f54adf2133cda7e36da7c9d

    • SHA1

      be24c2afd3e44bce2fdeaf0c6806f11182d47e66

    • SHA256

      b3aaa5d9b99756b2c954e306734ab9005653c9519feef6961f8f64bbabb24ecb

    • SHA512

      4b0ce33dcfea0d8e336cae1474f4491d99d48fab3a5ac34300aa32b624f6764fa03153aa05944e71a5c409df14d0c72687726d812a6ed227511f9e9822a518b8

    • SSDEEP

      1536:RmntvbsUgI2z/LHIky9W77Jjm4gRKF4ZslMEp4:+d2z/LHIky90JjuR8MEp4

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~b0b780556.js

    • Size

      91KB

    • MD5

      dad880a524a2c6e3a171ce3d49b4f670

    • SHA1

      8d35f2a7398e40a2adb7f9ac914865f8c6581c91

    • SHA256

      e6ebb7949277f41f3775c5fc906a57152209a1276f1a7d102d022583344bef93

    • SHA512

      58e8d387408e47f599d5c1f5689ff48570d9ac1973ebdf6cfbc5b30c10e8a345e748b91a544a9cd17cc1be71613a1dfd00dab5197d03bed9c6e5117d829e8a2e

    • SSDEEP

      1536:1b6h5hphsX/MLtoOeWFcLRXoUS64IKu6zhYrU9npVD8Mn99mIPk6+O8d9XXnTiQ:1dEtcL5oUS64IKu6zhYgnpVDBndPk7x1

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~b89b244e2.js

    • Size

      85KB

    • MD5

      92293feb6af9e7e9e193ddee1f7a688f

    • SHA1

      c1e7a79135c7c83152269ad7fdcdb6b36a3cdcfe

    • SHA256

      0abfd716c0eddcd979ce06139ecdd3054486e553a897239959df4a57296b5e01

    • SHA512

      948b3ce78c07a4afcac2a5357493e7fcb90d6e2fa309d3d0cfa93ca9a8bee17422923ec0c3665ebd2e438f7169074279332ea73358334b818ff12322902e261e

    • SSDEEP

      1536:d6pZfXvGhc38DhbULA50wI7A5kugXLE6hBzjCdmp:0pJR38DhbULAywI7IkugHBzjCd4

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~c2593e398.js

    • Size

      90KB

    • MD5

      225eeb2b6b5ddb2a337f010acae9903f

    • SHA1

      16700c32aedf773de4e19fb8ab291cc4e1ff6967

    • SHA256

      0bacabadd6f259fd39857873b75f2dd163070abf03c295e33ddc6c29c0442e34

    • SHA512

      26c731f4c40fb9869b936460f82fae4bab72a084abbb145bcc69bb253c46a29085cf066bd6f828f1ac995914e563e3be82bff2a8f64f010b9a18a26fd3073e8f

    • SSDEEP

      1536:UJES4KI/gz2z/LHJ6yAW9Jjv5ZbRGNnsTVJ74:xc2z/LHJ6yAIJjnbRzVJ74

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~c8d0b0a15.js

    • Size

      88KB

    • MD5

      636d85ec61b6ae47f10fead6ab610cbc

    • SHA1

      e733900482754acec226bc398cee2ba54a72786a

    • SHA256

      5e953ea79c6a2baff897cda9a3248131d1b058151a3ab68d352d14b2f52dbda6

    • SHA512

      4a05ef84a2da4b3dbe9c8be3d31ed03c46b60e2fade27bcd0bf609cee40aa3d9ec6b4e438cb2572551e41aed24c879318bd9418f6cf01c7cbed4a8043790f5aa

    • SSDEEP

      1536:iq3RfmGylbV4tPoh7k2eXBORaKq6XfiYE1HcgySitLThLqHIStarn:iUkGydV4tU7k2eXBORaKq6XfK1HcgySW

    Score
    3/10
    • Target

      autocompletion/libraries/libraries~f78c6dc44.js

    • Size

      89KB

    • MD5

      ea4ec5ee92052d4bb6f918af11c6f95b

    • SHA1

      1f3dd3b02c5cb34abafdf7e08ae0441e8907f238

    • SHA256

      ef5d0be738a740e10d03b749afcf45689218c4dfb1bcf759983a2e9324d7b4d2

    • SHA512

      2d967c8242e6aa0797779409fefb115df0a9b3c8beea6d12d5ab0057055482a4def4e32f9be6551db633a81042314c15f2c5410ffb7075dd465f730e90154331

    • SSDEEP

      1536:lyihXLZLmsrbxmSGne201jUIsL7gLAJp/2na:vXLZLmsrbxmSGne201jUISIA7/2a

    Score
    3/10
    • Target

      autocompletion/localization/friendsui_arabic-json.js

    • Size

      143B

    • MD5

      e7ec1fbeba0b8f5886c406a74162190b

    • SHA1

      41712c9b57092b2c66e8cc14d62ab129bfadbaeb

    • SHA256

      b781b144751b3cc467b5f212337cf62d48b08b58c1b0ff2b9b0535a33ec70082

    • SHA512

      63644eb0a934e5c7a8b9a2ba500a0a0669605167e28f001a0864347e4438dd415203ff648dfdbb2d8f3024e67069d840e08d17cfce4dbbd99e8ab3820ac1cea0

    Score
    3/10
    • Target

      autocompletion/localization/friendsui_sc_schinese-json.js

    • Size

      8KB

    • MD5

      a5cde5e9ce5cf13d3322422a31a23978

    • SHA1

      d41e0735ee6ed87db102b37cc189e382b661c0c3

    • SHA256

      24a5aa1e0d6bc6dd94dec5a3b1b70a361a49ffa1b1fe61e07ec382228db93341

    • SHA512

      51fe6e2fd5217622d17f9cb56292c9123dfa89212f1ccf2dc9b0cd56d64d673c3cdcf2d801103e34b26f7b064738e614e84d9ac5b1d85eaf9d6b4ec002662119

    • SSDEEP

      192:mINNBQWtaomq+/LRjblWZ8FPEcqY+jpm67k0+SUwt:9kfB/LRjblWZ2PEtYcc6j+At

    Score
    3/10
    • Target

      autocompletion/localization/shared_arabic-json.js

    • Size

      143B

    • MD5

      57d8a1204d24035f66304ba0e073dbc6

    • SHA1

      e77c1603ef25f72a2074442f7968da9f50359009

    • SHA256

      613d959e184a3c7f25c7068a9fa06cc73891da2471ca71e3916d1a47816b1bfe

    • SHA512

      cbceb9d4bad8f2b2d7bf0c7a869b0a9c475b8586ef731d5b2aa02fce2fc99198c00d1d6b3b62e730f7b444b4f5b64e2b696d9d21c204eb369722c07866e83194

    Score
    3/10
    • Target

      autocompletion/localization/shared_brazilian-json.js

    • Size

      173KB

    • MD5

      731aa5fe210725db9a38b6603b5dd87c

    • SHA1

      ffbb82a8548c2fae66d034d39805e949efcbaa74

    • SHA256

      26ed552fe54c64c4ff0bf038f4a4f9727d48eb0e24074d3ae14acb13db709cea

    • SHA512

      5e286e4aa2a432d95d6821caad1d4cffb59f9b7d4650f32d6bf460309e30506cb4047027d80148735f6a4aec39edc3e1b6984537528e590ab68b50dd4ead8396

    • SSDEEP

      3072:ZlG3jKp3JC1MHkXQzW+zJQN5nEJ+oRZDk3:0KtVzInE98

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Tags: stealc, vidar, stealer
Score
10/10

behavioral4

Tags: stealc, vidar, discovery, spyware, stealer
Score
10/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10