General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk9UT25TQzQ3ZFFNeE9DR2wxN3NtUkVIbG41d3xBQ3Jtc0trNk04WnFqcDRIMFhzS3NRNmxDN2dzQXh6c2RudldxcUh5Qm9Pd3Z2alhTSnRZclBuSUlIdUtuS1BsRHVQeHNQX2dNLWRPSUI5TmZldklaWHhyZjl6T3VxUTBzVkZ2aDRURWZDSm5yVjRMaHE3ZGRuaw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F3is42kz6mwjhj%2FFiles&v=qq0j1po9-D4
-
Sample
241105-yn2tfswrfs
Malware Config
Extracted
vidar
https://t.me/asg7rd
https://steamcommunity.com/profiles/76561199794498376
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk9UT25TQzQ3ZFFNeE9DR2wxN3NtUkVIbG41d3xBQ3Jtc0trNk04WnFqcDRIMFhzS3NRNmxDN2dzQXh6c2RudldxcUh5Qm9Pd3Z2alhTSnRZclBuSUlIdUtuS1BsRHVQeHNQX2dNLWRPSUI5TmZldklaWHhyZjl6T3VxUTBzVkZ2aDRURWZDSm5yVjRMaHE3ZGRuaw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F3is42kz6mwjhj%2FFiles&v=qq0j1po9-D4
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-