Overview

overview

10

Static

static

10

vss.exe

windows7-x64

10

vss.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vss.exe

  • Size

    264KB

  • Sample

    240907-dh1zrasbpc

  • MD5

    c46cf092ca90dec5d9794d58bc3d60af

  • SHA1

    ee85693b181df0518ec1404831d0d0b05c97fdaf

  • SHA256

    e708ccdb34685d4df6d7a8959f2dc98d28f1a5bbf89120ff595613a1df7ab2d7

  • SHA512

    acbd3ab6958eb2b78cb0884ffba5bed24249421c1db1c2093e42f69a80bffdaaaedb785b726e742a1dfbc16499724ca3f56e6027dbbace840a5eb7f8f9d68af0

  • SSDEEP

    3072:9R+9MwiQ1/d0kzv4NmVcc18DM74+c9JDpdN3f5Bl5xoaq0jCp8HraqVmQdwuA:9RKMreKkzwNemDM7Ab3ir8F7wu

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/76561199768374681
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Targets

    • Target

      vss.exe

    • Size

      264KB

    • MD5

      c46cf092ca90dec5d9794d58bc3d60af

    • SHA1

      ee85693b181df0518ec1404831d0d0b05c97fdaf

    • SHA256

      e708ccdb34685d4df6d7a8959f2dc98d28f1a5bbf89120ff595613a1df7ab2d7

    • SHA512

      acbd3ab6958eb2b78cb0884ffba5bed24249421c1db1c2093e42f69a80bffdaaaedb785b726e742a1dfbc16499724ca3f56e6027dbbace840a5eb7f8f9d68af0

    • SSDEEP

      3072:9R+9MwiQ1/d0kzv4NmVcc18DM74+c9JDpdN3f5Bl5xoaq0jCp8HraqVmQdwuA:9RKMreKkzwNemDM7Ab3ir8F7wu

    Score
    10/10
    vidardiscoveryspywarestealercredential_access

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks