Overview

overview

10

Static

static

3

e60535c00a...36.exe

windows7-x64

10

e60535c00a...36.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e60535c00ad393f219e5c8fd387bed78f38e7830fa539fc497c61d287a759336

  • Size

    594KB

  • Sample

    241023-f86zsstbjf

  • MD5

    1545a36e836cce503cf4b6c5b776ee4b

  • SHA1

    071dadacd1fe60c19b01cbfbd67c7fdd4e5913cc

  • SHA256

    e60535c00ad393f219e5c8fd387bed78f38e7830fa539fc497c61d287a759336

  • SHA512

    9a9db8ddb35fe6623c29d393b3f1cc56ea177a18382d38da2e26b63b8fe73e768f8c7bbf3a1020fdb9e2770d85a6f286b8dad9bc3ac08c27078e54a4e3cfaf1f

  • SSDEEP

    12288:6TksllSkJd/6U3cEeTfGPq9SyZd5RyV3/9b2KS:0lbJ8U5Pq9SyZd5RQP9bJ

Score
10/10
vidar0b3bd69430b7d827b107ba2ed809207dcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

0b3bd69430b7d827b107ba2ed809207d

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      e60535c00ad393f219e5c8fd387bed78f38e7830fa539fc497c61d287a759336

    • Size

      594KB

    • MD5

      1545a36e836cce503cf4b6c5b776ee4b

    • SHA1

      071dadacd1fe60c19b01cbfbd67c7fdd4e5913cc

    • SHA256

      e60535c00ad393f219e5c8fd387bed78f38e7830fa539fc497c61d287a759336

    • SHA512

      9a9db8ddb35fe6623c29d393b3f1cc56ea177a18382d38da2e26b63b8fe73e768f8c7bbf3a1020fdb9e2770d85a6f286b8dad9bc3ac08c27078e54a4e3cfaf1f

    • SSDEEP

      12288:6TksllSkJd/6U3cEeTfGPq9SyZd5RyV3/9b2KS:0lbJ8U5Pq9SyZd5RQP9bJ

    Score
    10/10
    vidar0b3bd69430b7d827b107ba2ed809207dcredential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks