General

  • Target

    SecuriteInfo.com.Trojan.PWS.Steam.37582.19133.23112.exe

  • Size

    983KB

  • Sample

    240915-st7n1a1ckm

  • MD5

    126fe36209cb4c46477e6d7aa4f3fe56

  • SHA1

    69a1cef90f0e6739c9fd5ae2a984567327bea9f6

  • SHA256

    90f608b784fc8eac0a899d6aec257ec4beaf836e0cc808c7496f131aba61bef0

  • SHA512

    5ab26243cef267be9fc4ef5d4934b91714298ac018865d2494aa306cb5f0e85c04e2b5ee7c809410e82eca76616a707a3b70b274c81082ad961a0dfe0ef16515

  • SSDEEP

    24576:0zZhzsd7E63T2FPay3SUP6nAK8T85vrQ+uXcMLumwjjZpyXWIWI:0ex6FPayCUPgX8azQ+uMMLuVjFO

Malware Config

Extracted

Family

vidar

Version

10.8

Botnet

057d037117dc13a05f53caea44d69e65

C2

https://steamcommunity.com/profiles/76561199761128941

https://t.me/iyigunl

Attributes

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Targets

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks