General

  • Target

    Browser_Update-10-2024.zip

  • Size

    74.8MB

  • Sample

    241029-taxkcswgnq

  • MD5

    b965f86a0c6077967f0b310a0419ba01

  • SHA1

    11da78837200eb425544580bb5533dd3d39932b3

  • SHA256

    2a7a93984ebb6f2676eaf4bb61b29935e0fbb4da166cb252e9747f779074ae62

  • SHA512

    db4448a99b7383ed58fa89da422f0da026f80069fc55a4255314cedc86820e3a41d90fc13b842c785a22c836792cfce6cab22fb5f2de62b7c9fc0d6d287258d2

  • SSDEEP

    1572864:0dMtMaMKFU4lwtu48BTIfjUvbVm/fAUfrnDNsikdo92xvwDrZ9Y:6MtnMKFflwj8tIUVqAUfrDSip2xvw/Zy

Malware Config

Extracted

Family

vidar

C2

https://t.me/fun88rockskek

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      Install.exe

    • Size

      3.4MB

    • MD5

      c30711c9fc9d650b14507521a253e8d0

    • SHA1

      9b749d1a00ca31a8b7f562eab5faaef69d0516dd

    • SHA256

      55e757150f980a8ca433d67f55dbf3b05615e58fd447e02e4e6ebc07f3cf5597

    • SHA512

      6c16ad1a5812b3fc7faca91b2fbdc7d0691dd5c73bd2be3fe413def04eeaf5b8fddb08308e9b5e1b05f69b81160ba2d647bb05fe01c4b616ee5faa3593f956d4

    • SSDEEP

      98304:jsBvJ7SOd9cEmG7TqjlOpIhqDQ2vOQx8fHriZ3f:QSk9cEmG7TWlOpIhqDtxMi1

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      d3d11.dll

    • Size

      2.3MB

    • MD5

      8d2b43fc958ae42e35f83539fcfb0d1f

    • SHA1

      f16d5836320c46cf1ef833d872755d4219215275

    • SHA256

      dada501a3ecd363542202cb3897f0d0152f1481f8f63436ace881031651f8640

    • SHA512

      40797c78d3571db43bb4a54ded672abc8efbe492be1ea175fdae601536af8023a999da4fad0caabdae3415cd3c6b0be0791944893b6df5075d9f7026a1bc0731

    • SSDEEP

      24576:jsj0+nuXH3o8120l4JWtDEdBVdaMCNDMi4imGAWfh5PQIyLXWbSyI3Im85btvSIS:jqCYbWtDEdBD+54iHPfo1XvyicbBckFS

    Score
    3/10
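
Three of the behaviours flagged for Install.exe above (browser remote debugging, the registry country lookup, and FileZilla configuration reads) map directly onto detection rules over a sandbox behaviour log. The following is an added example written for this page, not code from the sandbox vendor or from the report; the event records it scans are constructed to illustrate the shapes involved and are not taken from the Install.exe run, and the event field names (`type`, `op`, `image`, `cmdline`, `key`, `value`, `path`) are assumptions about the log format.

```python
"""Detection rules for three stealer behaviours over sandbox-style events.

Added example for this report, not vendor code. The event schema and the
SAMPLE_EVENTS below are constructed for illustration (assumption).
"""
import ntpath
import re
from typing import Iterable, Optional

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe", "chromium.exe"}
# Chromium exposes the DevTools protocol when launched with either of these switches.
REMOTE_DEBUG_FLAG = re.compile(r"--remote-debugging-(port|pipe)\b", re.IGNORECASE)

# HKCU\Control Panel\International\Geo\Nation holds the GeoID; LocaleName and
# sCountry in the parent key are the other common country lookups.
GEO_KEY = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.IGNORECASE)
GEO_VALUES = {"nation", "name", "localename", "scountry"}

# FileZilla keeps saved sites and recent connections (with credentials) here.
FTP_CLIENT_FILES = {"sitemanager.xml", "recentservers.xml", "filezilla.xml"}


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def browser_remote_debugging(ev: dict) -> Optional[str]:
    """Browser process started with a DevTools remote-debugging switch."""
    if ev.get("type") != "process" or _basename(ev["image"]) not in BROWSERS:
        return None
    m = REMOTE_DEBUG_FLAG.search(ev.get("cmdline", ""))
    if not m:
        return None
    return f"{_basename(ev['image'])} started with {m.group(0)} by {_basename(ev['parent'])}"


def geofence_registry_lookup(ev: dict) -> Optional[str]:
    """Read of the configured country/GeoID from the International key."""
    if ev.get("type") != "registry" or ev.get("op") != "read":
        return None
    if GEO_KEY.search(ev["key"]) and ev.get("value", "").lower() in GEO_VALUES:
        return f"{_basename(ev['image'])} read {ev['key']}\\{ev['value']}"
    return None


def ftp_client_config_read(ev: dict) -> Optional[str]:
    """Read of a FileZilla configuration file by another process."""
    if ev.get("type") != "file" or ev.get("op") != "read":
        return None
    path = ev["path"]
    if _basename(path) in FTP_CLIENT_FILES and "filezilla" in path.lower():
        return f"{_basename(ev['image'])} read {path}"
    return None


RULES = {
    "browser_remote_debugging": browser_remote_debugging,
    "geofence_registry_lookup": geofence_registry_lookup,
    "ftp_client_config_read": ftp_client_config_read,
}


def scan(events: Iterable[dict]) -> list:
    """Return (rule_name, pid, detail) for every event a rule matches."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            detail = rule(ev)
            if detail:
                hits.append((name, ev["pid"], detail))
    return hits


# Constructed sample log (assumption), mixing benign and stealer-like events.
SAMPLE_EVENTS = [
    # Benign: user opens Chrome from the shell.
    {"type": "process", "pid": 2204, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    # Stealer relaunches Chrome headless with a DevTools port on the user's profile.
    {"type": "process", "pid": 3180, "parent": r"C:\Users\user\Desktop\Install.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless '
                r'--remote-debugging-port=9222 '
                r'--user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data"'},
    # Geofence check: GeoID lookup.
    {"type": "registry", "op": "read", "pid": 4012, "image": r"C:\Users\user\Desktop\Install.exe",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    # Benign registry read of an unrelated key.
    {"type": "registry", "op": "read", "pid": 4012, "image": r"C:\Users\user\Desktop\Install.exe",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
    # FTP client credential file.
    {"type": "file", "op": "read", "pid": 4012, "image": r"C:\Users\user\Desktop\Install.exe",
     "path": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
]

if __name__ == "__main__":
    for name, pid, detail in scan(SAMPLE_EVENTS):
        print(f"[{name}] pid={pid}: {detail}")
```

The remote-debugging rule reports the parent process on purpose: Selenium, Puppeteer and similar automation launch browsers with the same switch, so the parent (here an unsigned `Install.exe` in the user's Desktop rather than a test runner) is what separates the stealer case from a developer workstation. The registry and FileZilla rules are low-severity on their own and are best scored together with the other behaviours in the report.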

MITRE ATT&CK Enterprise v15

Tasks