General

  • Target

    TradingView Premium Desktop.exe

  • Size

    780.9MB

  • Sample

    241029-1yj3ha1cjr

  • MD5

    405ba6af3449ff9599e939b4fe734e99

  • SHA1

    351dd3bdf138fb2ae91392c21d6586d7ac898668

  • SHA256

    252490d5747973f0b8b8deeacd12c43eefd2e2d5fe4f29ea2e239679426c33e6

  • SHA512

    0a040d4882704b5d224e6722e2e3b64f6a5ddccd59e5ecd99ef534d4c2aad781f008d909528d36e91cc56350ff92a389b5233ae9a0762c5f09617968dde37192

  • SSDEEP

    196608:7k3b+58e7DRsMpcPCVb22BDCZ+upImGXoTZiJ4gcZoJ4tDU:yU8e7zxZDRVDkZiaFk4tDU

Malware Config

Targets

    • Target

      TradingView Premium Desktop.exe

    • Size

      780.9MB

    • MD5

      405ba6af3449ff9599e939b4fe734e99

    • SHA1

      351dd3bdf138fb2ae91392c21d6586d7ac898668

    • SHA256

      252490d5747973f0b8b8deeacd12c43eefd2e2d5fe4f29ea2e239679426c33e6

    • SHA512

      0a040d4882704b5d224e6722e2e3b64f6a5ddccd59e5ecd99ef534d4c2aad781f008d909528d36e91cc56350ff92a389b5233ae9a0762c5f09617968dde37192

    • SSDEEP

      196608:7k3b+58e7DRsMpcPCVb22BDCZ+upImGXoTZiJ4gcZoJ4tDU:yU8e7zxZDRVDkZiaFk4tDU

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks