Overview (score 10/10)
Static (score 3/10)
Behavioral tasks (sample, platform: score):
AbRoot.dll, windows7-x64: 1/10
AbRoot.dll, windows10-2004-x64: 1/10
AdTree.dll, windows7-x64: 1/10
AdTree.dll, windows10-2004-x64: 1/10
Setup.exe, windows7-x64: 10/10
Setup.exe, windows10-2004-x64: 10/10
autocomple...be4.js, windows7-x64: 3/10
autocomple...be4.js, windows10-2004-x64: 3/10
cutline.ppt, windows7-x64: 1/10
cutline.ppt, windows10-2004-x64: 1/10
updater/Di...1].exe, windows7-x64: 1/10
updater/Di...1].exe, windows10-2004-x64: 1/10

General
Target: !ŞetUp_88614--#PaSꞨKḙy#$$.rar
Size: 11.2MB
Sample: 240629-x8vp7sxfjp
MD5: 3e3c90e931c6848c68b2cc4c2e2d7b13
SHA1: 92ff3e6c4780c28af7e1dff46627e0e45f848951
SHA256: c13d4b19b3d733e6a553bfd37011cf1a47fe946ab48232c7616181bec5f699d5
SHA512: e1dbae62e14a3adc64efe6b6c639dc609752db9c9bb0a429ba56c4af80736a1321057b0ec9f5d2ca26d21ef34c03abbe8bc90c7ca3b634f694720c74f2916679
SSDEEP: 196608:2LwOXnAZQo1lGStmJaphAr/feglLLkdWfhW+whJg+N1fGx6b6KVGywkKBv5U:ewSnAKo7ivLAgvP+PfmCVGy3KBv6
Tasks
Static task static1
Behavioral task behavioral1: sample AbRoot.dll, resource win7-20240508-en
Behavioral task behavioral2: sample AbRoot.dll, resource win10v2004-20240226-en
Behavioral task behavioral3: sample AdTree.dll, resource win7-20240221-en
Behavioral task behavioral4: sample AdTree.dll, resource win10v2004-20240226-en
Behavioral task behavioral5: sample Setup.exe, resource win7-20240508-en
Behavioral task behavioral6: sample Setup.exe, resource win10v2004-20240611-en
Behavioral task behavioral7: sample autocompletion/libraries/libraries~e8c5e5be4.js, resource win7-20240220-en
Behavioral task behavioral8: sample autocompletion/libraries/libraries~e8c5e5be4.js, resource win10v2004-20240508-en
Behavioral task behavioral9: sample cutline.ppt, resource win7-20240611-en
Behavioral task behavioral10: sample cutline.ppt, resource win10v2004-20240508-en
Behavioral task behavioral11: sample updater/DirectoryMonitor_[1MB]_[1].exe, resource win7-20240508-en
Behavioral task behavioral12: sample updater/DirectoryMonitor_[1MB]_[1].exe, resource win10v2004-20240226-en
Malware Config
Extracted family: vidar
Extracted URLs:
https://kotawa.top
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
user_agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6
Targets

Target: AbRoot.dll
Size: 355KB
MD5: 530957a391c6bc978ae7179179594b12
SHA1: f174b1575ebc2f6612272cf39215d5dc27ee6b38
SHA256: 9fbeab4bcfcec34dc13cad90609101b2ea099069ab173555635f174597e4ea09
SHA512: 9f3da37b8b8047bcc463c2d12360c6bc99bf35868a14222abb2108e103bab5355d1c069d5ac775bd3c7c953a9c8c3299bd61287c4fb7a074f36a4450e95368e2
SSDEEP: 3072:mB16MsQd1V0rSJkRd2Ygeu1qs93J2FooJafVMkZuP9Dy4s5zTG22+xF0KA6ppDwZ:mBXT1V0WojDy4s5MQV0jw0
Score: 1/10

Target: AdTree.dll
Size: 355KB
MD5: 530957a391c6bc978ae7179179594b12
SHA1: f174b1575ebc2f6612272cf39215d5dc27ee6b38
SHA256: 9fbeab4bcfcec34dc13cad90609101b2ea099069ab173555635f174597e4ea09
SHA512: 9f3da37b8b8047bcc463c2d12360c6bc99bf35868a14222abb2108e103bab5355d1c069d5ac775bd3c7c953a9c8c3299bd61287c4fb7a074f36a4450e95368e2
SSDEEP: 3072:mB16MsQd1V0rSJkRd2Ygeu1qs93J2FooJafVMkZuP9Dy4s5zTG22+xF0KA6ppDwZ:mBXT1V0WojDy4s5MQV0jw0
Score: 1/10

Target: Setup.exe
Size: 2.7MB
MD5: 870feaab725b148208dd12ffabe33f9d
SHA1: 9f3651ad5725848c880c24f8e749205a7e1e78c1
SHA256: bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55
SHA512: 5bea301f85e6a55fd5730793b960442bc4dab92d0bf47e4e55c5490448a4a22ed6d0feb1dbe9d56d6b6ff8d06f163381807f83f467621f527bc6521857fc8e1a
SSDEEP: 49152:C11fbWXfBeBqTww8Gkfoa0yeL8zj9JLF+lP/MatsfHVnZbhG3EVsMI62Pseaj/1n:QbWkuwwjkULhlPUatsfBxhsE
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext

Target: autocompletion/libraries/libraries~e8c5e5be4.js
Size: 56KB
MD5: d87493f47fdab86b88a5aa9e4cc085f6
SHA1: a643b1178de6966584603352e1d07f0272f0fd57
SHA256: 5829f7068bbba6c9df9091870ac95f4655f626120804be8fa1f7d5e2e3b4997c
SHA512: 14ba0d192ae387d4dc1d4abd92e48bed3e680570b85ce2c538df361b5116a5050ed4b0cc9c835dedc40972d258e3931c75c228f06179a72a1a523d20c5569883
SSDEEP: 768:eblwyaQBm3JkRY7q3Uh4dNP41SJ0H2nrSj0N3HEnj0JnDPNcAKH1iw0V2IlGdA8K:eXaR78R4BHW/3EjMBcAFn8ZbcCb+
Score: 3/10

Target: cutline.ppt
Size: 1.2MB
MD5: 28a695e8e8030fc384adfc25f2ff8d8a
SHA1: df05bd44ae978f50d6f6f7577219989d6a191b85
SHA256: 555b36447befe890bcb8220fe47c212fa643629160f8b266ca496a01a6d2fd4c
SHA512: b19f4724c98e625f92c443f2ed5919af0397a32565411f1d2da2d1761e894cbf1487449cea76b982134aab033b03c93c145b2df938b82f6b6d4df420a10ad8ca
SSDEEP: 24576:rWRmXYcxHOyy4SDHMFJAHXelw3Xx5B/hXIZY5YbcnPg7SklwanPTXZJ:iEIcsyy4SLM/AHXelw3hD/hqYWYnPUSo
Score: 1/10

Target: updater/DirectoryMonitor_[1MB]_[1].exe
Size: 1.9MB
MD5: 76067380db217854920c9652e6276ae1
SHA1: 10442a38db18218953418b84bb8684a3fa399312
SHA256: d74373f86c366409db3392258b552e35477ffd47d968d094abad170663193fc6
SHA512: 91a42d2196b42515132ccdbc40dec46396995d80da5a44eded2d16fe4350c50a68a2556a80acdccef823bc233b4fa5a88a6423748e9fea2e23795339795857f9
SSDEEP: 12288:hc6VJx4LOQyQLkoCPs+b4H4APA60jEcflSIQZXDVrZLpYHT:hhJxPQySCod3c8pZzhnYHT
Score: 1/10