Overview

overview

10

Static

static

3

Install Update.exe

windows7-x64

10

Install Update.exe

windows10-2004-x64

10

d3d11.dll

windows7-x64

3

d3d11.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Update_Browser.zip

  • Size

    1.0MB

  • Sample

    240907-hsy1cs1brn

  • MD5

    bd6e013f97e3fbfc399b8eca7943ffd5

  • SHA1

    6808436f9591a1860f14ac426eb3c4f2aa8e290a

  • SHA256

    896983dee48b90e2d2663255959e3018dcd0d0669cb5aa9dd972d98b0a72974e

  • SHA512

    018a6633be6dd6446fd9720629bcf28ebb7cea2f6299ad5c51c57661b4cc4df45030e64d6d48770c5cb023da6f4a16bc61ca3fa4bfb37d597eb3239f96d7b1d3

  • SSDEEP

    24576:IdU6RR1OCx3YJeuCyzEIRByI36LqktZgmytbN5ZFevXD:r6Rnx3YVCyznB736Ok7v+N5DevXD

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/

Targets

    • Target

      Install Update.exe

    • Size

      678KB

    • MD5

      fd57b4457b9c453bf563559c53b9071b

    • SHA1

      08eb3a76af5c337b73f50efe5a27c43b68edce88

    • SHA256

      995bf2a06730050f99f6e5ff53d641e1e98f022e7d7c376d91d65959aa79a70e

    • SHA512

      ba9518440625fef53101440c976951b5c8e2b07f946a975da77b8a7ab2cbfc795cd20a264f61ff1fc4a7c0b77ea9b75ed8a9c9e69b9d22ae65d10163a510c5a7

    • SSDEEP

      12288:PoZ5cyP2UluWW7hvraWyE/7bQGLnkQzeD6lHCMfm7HUb3s9a40:PoHhP2YW7hzak7bQ8HCM+4QI40

    Score
    10/10
    vidarcredential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Downloads MZ/PE file

    • Deletes itself

    behavioral1behavioral2

    • Target

      d3d11.dll

    • Size

      1.4MB

    • MD5

      aa55d7bdb5d82f33345f78814a687a26

    • SHA1

      3261b540c52e0f56b0dbda3c02dd237519bafa91

    • SHA256

      7a3242fc80c18e689be633eebc6f6c8616e4c0ff5ff6b78fca0811eb26fc18b2

    • SHA512

      be776cb69376f827cbe39fab3009cbdf951a71229ca4c7b754ba467be0f6ca6b688ee689d7f765adc15f5004487d6b210b2782416191f07f78c7b0d0bc70e180

    • SSDEEP

      24576:+kThZU+CWB7H5y7W3jUHzeK7doyj3SqSYL/PqQIJ0ysa3WDn0khCpmZB:+pdxW3jUTPmyz1qQ+iD6E

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks