vidar

General

Target

저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.zip
Size

101.2MB
Sample

240929-rrsavsxglm
MD5

f521823506843dac80c32be282da21f9
SHA1

2a872a9b79426ec48214a899fcf37f32e250c9db
SHA256

1b70899faec0f86dcbc0b1a05aafbb666115392f90622942742938e349fa0bf3
SHA512

31eb4ea4afd35b51fa1b21e7ef5553fbaf730de568299c394b0cdfaee12d4891e356c04946dbf44708541e085a89a305cbe89abd728dcd35bdc25e2e4f09bdb2
SSDEEP

3145728:4eaU29WmBuj5V9/97h+8ZYqk/t5YVuxflmaKameBjn9Nghzrvuj:4eDbmtzm8/Bhqrvuj

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

11

Botnet

da1105e7cee8ade4acd1a4dc0b47dbbe

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

- Target
  
  저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.zip
- Size
  
  101.2MB
- MD5
  
  f521823506843dac80c32be282da21f9
- SHA1
  
  2a872a9b79426ec48214a899fcf37f32e250c9db
- SHA256
  
  1b70899faec0f86dcbc0b1a05aafbb666115392f90622942742938e349fa0bf3
- SHA512
  
  31eb4ea4afd35b51fa1b21e7ef5553fbaf730de568299c394b0cdfaee12d4891e356c04946dbf44708541e085a89a305cbe89abd728dcd35bdc25e2e4f09bdb2
- SSDEEP
  
  3145728:4eaU29WmBuj5V9/97h+8ZYqk/t5YVuxflmaKameBjn9Nghzrvuj:4eDbmtzm8/Bhqrvuj
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

vidar da1105e7cee8ade4acd1a4dc0b47dbbe credential_access discovery persistence spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral2