General

  • Target

    Comprehensive Media Assets.rar

  • Size

    2.4MB

  • Sample

    240814-thwysswamp

  • MD5

    24bd73c5549ec5ff635433c5d9aac567

  • SHA1

    99ca9a664bcc79f29367c9fad99d307d38689714

  • SHA256

    0204fefccbf433829acab7a2c479486d97d134fe4912947b2f11579dbbe8700e

  • SHA512

    aa590420f2cda0b88df73555d7463518c201ed5b051273af8e9a0e4fde9b29b3d2f8da9bb9de6cb42762d97f2c1a4ce2a10511b82d61d3c4bd0bbced78ab97eb

  • SSDEEP

    49152:OtMzBrHYDxCJfvt5K7w9awpsZw+iKZxzDgNFe75:t1rHYdEvqyJ6ZxvEFI

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199751190313

https://t.me/pech0nk

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Targets

    • Target

      Comprehensive Digital Agreement Analysis of Contractual Terms and PaymentStructures.exe

    • Size

      903KB

    • MD5

      50c6be72c2d0b4545539b4675e3b133d

    • SHA1

      b73d81c9dd4f09a558fe2e60ba17947d5464cad1

    • SHA256

      aed2af4fd89ce05cd3fb1ee24aee9fda5d058a33a4a93b0bdf7fcca960327918

    • SHA512

      6597c7283d0b5f3f7685b558f5880afdeb545e28514aaf185377b58deb66d274186c8da08d5a837541ea36f2c5c74add0edc367b4458f68f496b39d73b42583a

    • SSDEEP

      24576:5QP9HyrjcGnDKVApMMg0KANxr7gWmzlhPhBuC9Mt:HHJGqI0KAXX8HhAE

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks