Overview

overview

10

Static

static

1

Set-up.exe

windows7-x64

10

Set-up.exe

windows10-1703-x64

10

Set-up.exe

windows10-2004-x64

10

Set-up.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Set-up.zip

  • Size

    131.6MB

  • Sample

    241013-lnk5gszdkf

  • MD5

    e14574507aa6985dcb6a97c51f907b13

  • SHA1

    a679f3c319422df1b055495c6e1e02de782362de

  • SHA256

    5c824d40891f121e476a486c5d9fb17a6a96443086969fca8b809b68e7ac152a

  • SHA512

    100b0e912f66da6f51af8a707e7e3a26ada26f186b38a1d2b03c8e29a1b80796004ecf3ff1171cfcdb1e412d34f051bab6c5183075631fdec4563cb495393b3b

  • SSDEEP

    3145728:KL0yLSHfuz0ivWVgrTD50lI9d6Y5rOj8/tWhcYE9uitHBZJ:KLnLwcTNv

Score
10/10
vidarbed60e7985fadd893545d14f20bd7015credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

bed60e7985fadd893545d14f20bd7015

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      Set-up.exe

    • Size

      782.2MB

    • MD5

      eee07d69e8ff4affbe408fc7df07a53a

    • SHA1

      125d53dbb06718c8394cb164ee1af1f62eb89be4

    • SHA256

      9c5a39a2e75a7680d4fa81b30a4eb9f04261cdd01473fbbbcefcf51992c1173a

    • SHA512

      5e7e7a7f67cd573f81fbbac5ffe08cd4734f92754a69dd1d371fa2ca6cc961a9e3e00653bb3d0bbd7e999d2054ee4e7aeedb999dc768a5b9134c22011883f209

    • SSDEEP

      196608:kXqjlfy+N1WZAoxXcP6gIAgquPNET2bdPLJg7zvjjKXUZ63e:kx/ZjxXcaAgNFPLJo/8UOe

    Score
    10/10
    vidarbed60e7985fadd893545d14f20bd7015credential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks