Overview

overview

10

Static

static

3

Install Update.exe

windows7-x64

10

Install Update.exe

windows10-2004-x64

10

d3d11.dll

windows7-x64

3

d3d11.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd6e013f97e3fbfc399b8eca7943ffd5.bin

  • Size

    1.0MB

  • Sample

    240908-b7yvkszfkc

  • MD5

    e30d11dda7c8859c1636709bc9e759e0

  • SHA1

    e671e56b98d18037c3811f00391678b96ee56a6d

  • SHA256

    1c97e66a4a068d26fe5ce09f80e8f598aa38f2876b6e846fd93152c428c255fc

  • SHA512

    85ca4d6a14af5720aef249d15f0632fe06ed1a97471a118b470776b77176a92912c87222ce445bb7db2a83765b4574fe5d30dca636abca4513ad274b8e9446cc

  • SSDEEP

    24576:FZVWQ3PvwIAapcJWtT7ZxVKFKPMCPKeRsp/GkKXE7lT29:RZbcaT7lbMCPKe73Eh4

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/

Targets

    • Target

      Install Update.exe

    • Size

      678KB

    • MD5

      fd57b4457b9c453bf563559c53b9071b

    • SHA1

      08eb3a76af5c337b73f50efe5a27c43b68edce88

    • SHA256

      995bf2a06730050f99f6e5ff53d641e1e98f022e7d7c376d91d65959aa79a70e

    • SHA512

      ba9518440625fef53101440c976951b5c8e2b07f946a975da77b8a7ab2cbfc795cd20a264f61ff1fc4a7c0b77ea9b75ed8a9c9e69b9d22ae65d10163a510c5a7

    • SSDEEP

      12288:PoZ5cyP2UluWW7hvraWyE/7bQGLnkQzeD6lHCMfm7HUb3s9a40:PoHhP2YW7hzak7bQ8HCM+4QI40

    Score
    10/10
    vidarcredential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Downloads MZ/PE file

    • Deletes itself

    behavioral1behavioral2

    • Target

      d3d11.dll

    • Size

      1.4MB

    • MD5

      aa55d7bdb5d82f33345f78814a687a26

    • SHA1

      3261b540c52e0f56b0dbda3c02dd237519bafa91

    • SHA256

      7a3242fc80c18e689be633eebc6f6c8616e4c0ff5ff6b78fca0811eb26fc18b2

    • SHA512

      be776cb69376f827cbe39fab3009cbdf951a71229ca4c7b754ba467be0f6ca6b688ee689d7f765adc15f5004487d6b210b2782416191f07f78c7b0d0bc70e180

    • SSDEEP

      24576:+kThZU+CWB7H5y7W3jUHzeK7doyj3SqSYL/PqQIJ0ysa3WDn0khCpmZB:+pdxW3jUTPmyz1qQ+iD6E

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks