General
-
Target
SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exe
-
Size
964KB
-
Sample
240820-swcawatclj
-
MD5
310e5c68c94e313befd538b9e999360a
-
SHA1
7578eb69585740bb27adaa947dd661b2a0c8c2a6
-
SHA256
2d0c0b18bc6dd823e612901f146dcb895aebae5ec0c648a97ffb36d035e05cfa
-
SHA512
b206a01ed5cff100afc3a16a824ca79a050c6f495983f6795b88a9a78e939352e7249e45b6b429401c00c6360cf591c3037914373a8a1c7a1c485f25666bdd47
-
SSDEEP
12288:czZ0rwIrpsK7p3ADr20z9Fc2DNaC5o1e5lW+9jMDLniSjJojUiCm0c5ersBM3K:czZ0fKg3ADrO2paC5fg+Wn5oju8ZM3
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199751190313
https://t.me/pech0nk
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Targets
-
-
Target
SecuriteInfo.com.W32.ABRisk.JZOD-0687.30425.1987.exe
-
Size
964KB
-
MD5
310e5c68c94e313befd538b9e999360a
-
SHA1
7578eb69585740bb27adaa947dd661b2a0c8c2a6
-
SHA256
2d0c0b18bc6dd823e612901f146dcb895aebae5ec0c648a97ffb36d035e05cfa
-
SHA512
b206a01ed5cff100afc3a16a824ca79a050c6f495983f6795b88a9a78e939352e7249e45b6b429401c00c6360cf591c3037914373a8a1c7a1c485f25666bdd47
-
SSDEEP
12288:czZ0rwIrpsK7p3ADr20z9Fc2DNaC5o1e5lW+9jMDLniSjJojUiCm0c5ersBM3K:czZ0fKg3ADrO2paC5fg+Wn5oju8ZM3
Score10/10-
Detect Vidar Stealer
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1