Overview

overview

10

Static

static

1

TradingVie...b).zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TradingView_Premium_Desktop.zip

  • Size

    135.4MB

  • Sample

    241009-plsy4ayeqg

  • MD5

    fb8c6d5d86e6033517287820f50ad771

  • SHA1

    f22b96514e26cb8607b65f687e53e737ec284095

  • SHA256

    be8e7b712f1f899a32e32f74e4d9d14438bc848b36a8c4847b27e762fa6d3ef8

  • SHA512

    18d023a007dee31bdcba1e4eb7b7c56a5e7139bb425f37c684b80bd7066dc914e9a7409e3301d04905bb0c0bcc9c84daedc93cbb62afdc617113349b00812a6e

  • SSDEEP

    3145728:W5Nk9zgVMuZ2fu34ji5G0r0kApC03jrG3hjGKaP/X9VBVk:sNSg/zIu5G0r0jc0UnaP7k

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Targets

    • Target

      TradingView_Premium_Desktop_(password_github).zip

    • Size

      135.3MB

    • MD5

      22422d62b7a227bb310ece165bc91063

    • SHA1

      8e56d4ee4c2102ba952d5ea46915aa465da1c6d6

    • SHA256

      a6aac404891cb48e8f3a0f578b52be41422fb751e9d4d00f0115296b157c2890

    • SHA512

      76db140bd39165ee6a778559467579e707b740bbf9c374806fd937f7518a0dc56fc10eaaf19949fb9133818b4b657882d18abfb131ca7d1ef5a14c92c5079f3b

    • SSDEEP

      3145728:uph//jwxAQNKfMd8RGT0YrAqMlKYN3RAPX/Ms0TlrRJ7vQ:ChjwTrekT0YrAJIYon0TZQ

    Score
    10/10
    vidarcredential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks