Overview

overview

10

Static

static

10

d62c196235...ba.exe

windows7-x64

10

d62c196235...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29d5025c7826e4c7fcdf4153a2b480d2.bin

  • Size

    202KB

  • Sample

    241024-bk433sxeqe

  • MD5

    0eed71b0e35592635b875671a00d3443

  • SHA1

    fa001dba1940731d103e3db714bb01143fd3d86d

  • SHA256

    1d15cf933cde2a888152f1a0cd49a50c52466bdeac8ef932951bffa4c9d7f17f

  • SHA512

    02fabd6990d39d3d67130b5bad62a510729bce8c0f620f9e2516a4bfe770a3c1e8c0ee726b0224ba6eeb99c6f8f0c23d584173618f3dd63347d3a88c753ee86d

  • SSDEEP

    6144:LE6N01D/f00/N6L5hFX+1tZ0dh0eWIW/ypnLofI1Q:QA01D3j16djxdh0em6hoJ

Score
10/10
vidar543d9974ea5ff5192bbd07e6548921d7credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

543d9974ea5ff5192bbd07e6548921d7

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Targets

    • Target

      d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba.exe

    • Size

      383KB

    • MD5

      29d5025c7826e4c7fcdf4153a2b480d2

    • SHA1

      81324e6846812811e961b46e362df0a467c8ea6f

    • SHA256

      d62c196235c2ff1b64e3ff73b72ebf01abda7bc0bbf247cdcb750c4ab8e917ba

    • SHA512

      aab1623edaab9bcea8df19fa7070861d867e4aace528b7b7c34a4f24d4d2ca1af0658dab3b80009ee6e006179318a6473b681e44bfd21725fbfb6759d47853e2

    • SSDEEP

      6144:XGO+83+N11n5au8LvOWjTMZG6wn+Y8ekx0wKYHMCsHW+S0ZaaPG:XGOv3+N11n5ALvpjTACn+jek0VYExdZa

    Score
    10/10
    vidar543d9974ea5ff5192bbd07e6548921d7credential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks