General

  • Target

    !ŞetUp_88614--#PaSꞨKḙy#$$.rar

  • Size

    11.2MB

  • Sample

    240629-x8vp7sxfjp

  • MD5

    3e3c90e931c6848c68b2cc4c2e2d7b13

  • SHA1

    92ff3e6c4780c28af7e1dff46627e0e45f848951

  • SHA256

    c13d4b19b3d733e6a553bfd37011cf1a47fe946ab48232c7616181bec5f699d5

  • SHA512

    e1dbae62e14a3adc64efe6b6c639dc609752db9c9bb0a429ba56c4af80736a1321057b0ec9f5d2ca26d21ef34c03abbe8bc90c7ca3b634f694720c74f2916679

  • SSDEEP

    196608:2LwOXnAZQo1lGStmJaphAr/feglLLkdWfhW+whJg+N1fGx6b6KVGywkKBv5U:ewSnAKo7ivLAgvP+PfmCVGy3KBv6

Malware Config

Extracted

Family

vidar

C2

https://kotawa.top

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

  • user_agent

    Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
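The three C2 entries in the extracted config mix one direct host with two dead-drop resolvers (a Telegram channel and a Steam profile whose page text carries the live C2), and the user agent is a legacy Chrome string no current browser would send. The Python below is an added example, not code from the sandbox vendor or from the malware: it classifies the config entries, pulls a host out of constructed Steam-profile and Telegram-channel HTML the way a resolver page is consumed, and flags the user agent. The HTML fragments, the CSS class names used to locate the profile fields, the planted value and the Chrome version threshold are all assumptions for illustration.

```python
import html
import re
from urllib.parse import urlparse

# C2 entries exactly as listed in the extracted config above.
C2_ENTRIES = [
    "https://kotawa.top",
    "https://t.me/g067n",
    "https://steamcommunity.com/profiles/76561199707802586",
]

# Hosts used as dead-drop resolvers: the profile/channel text carries the real
# C2, so the domain itself is legitimate infrastructure and not blockable.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}


def classify_c2(entries):
    """Split config URLs into (direct C2 URLs, dead-drop resolver URLs)."""
    direct, dead_drop = [], []
    for url in entries:
        host = (urlparse(url).hostname or "").lower()
        (dead_drop if host in DEAD_DROP_HOSTS else direct).append(url)
    return direct, dead_drop


# Fields a resolver page exposes. The CSS class names are assumptions about the
# page layout, not something the report states.
PROFILE_FIELDS = [
    re.compile(r'class="actual_persona_name">([^<]*)<'),    # Steam display name
    re.compile(r'class="tgme_page_description">([^<]*)<'),  # Telegram channel description
]
# Bare host with optional port; enough to pull a C2 out of free-form profile text.
HOST_TOKEN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d{2,5})?", re.I)


def extract_dead_drop_c2(page_html):
    """Return hosts planted in a resolver page, excluding the resolver's own domain."""
    found = []
    for field in PROFILE_FIELDS:
        for text in field.findall(page_html):
            for host in HOST_TOKEN.findall(html.unescape(text)):
                if host.lower() not in DEAD_DROP_HOSTS and host not in found:
                    found.append(host)
    return found


# Constructed page fragments (not captured from the real profiles). The planted
# value is the direct C2 host from the config, purely for illustration.
STEAM_PAGE = (
    '<div class="profile_header_centered_persona">'
    '<span class="actual_persona_name">kotawa.top</span></div>'
)
TELEGRAM_PAGE = (
    '<div class="tgme_page_title"><span dir="auto">g067n</span></div>'
    '<div class="tgme_page_description">https://kotawa.top/ &#8226; online</div>'
)

# User agent from the extracted config.
CONFIG_UA = ("Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 "
             "(KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6")
CHROME_MAJOR = re.compile(r"Chrome/(\d+)\.")


def chrome_major(ua):
    """Chrome major version claimed by a UA string, or None if it claims none."""
    m = CHROME_MAJOR.search(ua)
    return int(m.group(1)) if m else None


def ua_looks_like_vidar(ua, min_plausible_major=80):
    """Flag a UA that claims an implausibly old Chrome or carries the doubled
    'Windows NT; Windows NT' platform token. The version threshold is an assumption."""
    major = chrome_major(ua)
    stale = major is not None and major < min_plausible_major
    doubled = "Windows NT; Windows NT" in ua
    return stale or doubled


if __name__ == "__main__":
    print(classify_c2(C2_ENTRIES))
    print(extract_dead_drop_c2(STEAM_PAGE), extract_dead_drop_c2(TELEGRAM_PAGE))
    print(ua_looks_like_vidar(CONFIG_UA))
```

Blocking t.me or steamcommunity.com is not a workable response; the actionable indicators are the host the resolver hands back and the user agent, which is distinctive enough to match in proxy logs on its own.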

Targets

    • Target

      AbRoot.dll

    • Size

      355KB

    • MD5

      530957a391c6bc978ae7179179594b12

    • SHA1

      f174b1575ebc2f6612272cf39215d5dc27ee6b38

    • SHA256

      9fbeab4bcfcec34dc13cad90609101b2ea099069ab173555635f174597e4ea09

    • SHA512

      9f3da37b8b8047bcc463c2d12360c6bc99bf35868a14222abb2108e103bab5355d1c069d5ac775bd3c7c953a9c8c3299bd61287c4fb7a074f36a4450e95368e2

    • SSDEEP

      3072:mB16MsQd1V0rSJkRd2Ygeu1qs93J2FooJafVMkZuP9Dy4s5zTG22+xF0KA6ppDwZ:mBXT1V0WojDy4s5MQV0jw0

    Score
    1/10

    • Target

      AdTree.dll

    • Size

      355KB

    • MD5

      530957a391c6bc978ae7179179594b12

    • SHA1

      f174b1575ebc2f6612272cf39215d5dc27ee6b38

    • SHA256

      9fbeab4bcfcec34dc13cad90609101b2ea099069ab173555635f174597e4ea09

    • SHA512

      9f3da37b8b8047bcc463c2d12360c6bc99bf35868a14222abb2108e103bab5355d1c069d5ac775bd3c7c953a9c8c3299bd61287c4fb7a074f36a4450e95368e2

    • SSDEEP

      3072:mB16MsQd1V0rSJkRd2Ygeu1qs93J2FooJafVMkZuP9Dy4s5zTG22+xF0KA6ppDwZ:mBXT1V0WojDy4s5MQV0jw0

    Score
    1/10 (same size and hashes as AbRoot.dll above)

    • Target

      Setup.exe

    • Size

      2.7MB

    • MD5

      870feaab725b148208dd12ffabe33f9d

    • SHA1

      9f3651ad5725848c880c24f8e749205a7e1e78c1

    • SHA256

      bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55

    • SHA512

      5bea301f85e6a55fd5730793b960442bc4dab92d0bf47e4e55c5490448a4a22ed6d0feb1dbe9d56d6b6ff8d06f163381807f83f467621f527bc6521857fc8e1a

    • SSDEEP

      49152:C11fbWXfBeBqTww8Gkfoa0yeL8zj9JLF+lP/MatsfHVnZbhG3EVsMI62Pseaj/1n:QbWkuwwjkULhlPUatsfBxhsE

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
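The signatures above describe separate stealer behaviours that are individually noisy (plenty of legitimate software enumerates the Uninstall key) but rarely co-occur in one process. As an added example, not the sandbox's own detection logic, the Python below scores a process by how many of those categories it touches, run over constructed EDR-style events. The registry values and file names are the usual locations for what each signature describes and are assumptions here, as is the threshold of three categories.

```python
import re
from collections import defaultdict

# (category, pattern over the event's target path or API name). Locations are
# the usual ones for what each report signature describes; assumptions here.
INDICATORS = [
    ("geofence", re.compile(r"\\Control Panel\\International\\(Geo\\Nation|LocaleName)$", re.I)),
    ("sw_enum", re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("ftp_creds", re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    ("browser_data", re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$|\\logins\.json$", re.I)),
    ("wallets", re.compile(r"\\(Exodus|Electrum|Ethereum)\\|wallet\.dat$", re.I)),
    ("thread_hijack", re.compile(r"^SetThreadContext$", re.I)),
]

# Constructed telemetry (not taken from the sandbox run): one process exhibiting
# the report's behaviours and one benign process touching a single location.
EVENTS = [
    {"pid": 4120, "image": "Setup.exe", "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": "Setup.exe", "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": "Setup.exe", "op": "FileRead",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "image": "Setup.exe", "op": "FileRead",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": "Setup.exe", "op": "FileRead",
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": "Setup.exe", "op": "ApiCall", "target": "SetThreadContext"},
    {"pid": 5008, "image": "explorer.exe", "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Chrome"},
]


def score_processes(events, min_categories=3):
    """Map pid -> {'categories': [...], 'flag': bool}; flag when a process hits
    at least min_categories distinct indicator categories."""
    hits = defaultdict(dict)  # pid -> category -> first matching target
    for ev in events:
        target = ev.get("target", "")
        for category, pattern in INDICATORS:
            if pattern.search(target) and category not in hits[ev["pid"]]:
                hits[ev["pid"]][category] = target
    return {
        pid: {"categories": sorted(cats), "flag": len(cats) >= min_categories}
        for pid, cats in hits.items()
    }


if __name__ == "__main__":
    for pid, verdict in score_processes(EVENTS).items():
        print(pid, verdict)
```

Counting distinct categories rather than raw events keeps a single installer that enumerates the Uninstall key below the threshold, while the stealer trips it on the geofence check, FTP and browser reads alone, before the SetThreadContext call that typically precedes injection into a hollowed process.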

    • Target

      autocompletion/libraries/libraries~e8c5e5be4.js

    • Size

      56KB

    • MD5

      d87493f47fdab86b88a5aa9e4cc085f6

    • SHA1

      a643b1178de6966584603352e1d07f0272f0fd57

    • SHA256

      5829f7068bbba6c9df9091870ac95f4655f626120804be8fa1f7d5e2e3b4997c

    • SHA512

      14ba0d192ae387d4dc1d4abd92e48bed3e680570b85ce2c538df361b5116a5050ed4b0cc9c835dedc40972d258e3931c75c228f06179a72a1a523d20c5569883

    • SSDEEP

      768:eblwyaQBm3JkRY7q3Uh4dNP41SJ0H2nrSj0N3HEnj0JnDPNcAKH1iw0V2IlGdA8K:eXaR78R4BHW/3EjMBcAFn8ZbcCb+

    Score
    3/10

    • Target

      cutline.ppt

    • Size

      1.2MB

    • MD5

      28a695e8e8030fc384adfc25f2ff8d8a

    • SHA1

      df05bd44ae978f50d6f6f7577219989d6a191b85

    • SHA256

      555b36447befe890bcb8220fe47c212fa643629160f8b266ca496a01a6d2fd4c

    • SHA512

      b19f4724c98e625f92c443f2ed5919af0397a32565411f1d2da2d1761e894cbf1487449cea76b982134aab033b03c93c145b2df938b82f6b6d4df420a10ad8ca

    • SSDEEP

      24576:rWRmXYcxHOyy4SDHMFJAHXelw3Xx5B/hXIZY5YbcnPg7SklwanPTXZJ:iEIcsyy4SLM/AHXelw3hD/hqYWYnPUSo

    Score
    1/10

    • Target

      updater/DirectoryMonitor_[1MB]_[1].exe

    • Size

      1.9MB

    • MD5

      76067380db217854920c9652e6276ae1

    • SHA1

      10442a38db18218953418b84bb8684a3fa399312

    • SHA256

      d74373f86c366409db3392258b552e35477ffd47d968d094abad170663193fc6

    • SHA512

      91a42d2196b42515132ccdbc40dec46396995d80da5a44eded2d16fe4350c50a68a2556a80acdccef823bc233b4fa5a88a6423748e9fea2e23795339795857f9

    • SSDEEP

      12288:hc6VJx4LOQyQLkoCPs+b4H4APA60jEcflSIQZXDVrZLpYHT:hhJxPQySCod3c8pZzhnYHT

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks