General
-
Target
LauncherSetup.zip
-
Size
450KB
-
Sample
241110-stlrjaypaw
-
MD5
e5f2ec0907c102aa4e2c2b5473708294
-
SHA1
50215094e82901e07cc89a42d405aa8f06996043
-
SHA256
edb06363f2f9c31efa5019478e0b90246293ea89480123398fe914b180edf4a8
-
SHA512
75b97973d8e1798d32347186cee66b6a874e189334a5cbf3792c0de5c058d3a77f984903b08721127181baaca00e8fbfba11667e025cc895ecf2d7586d0fac27
-
SSDEEP
6144:3M3nR/2hbXQVi0sVFjKML27pPVkljk10plqxoiMVQsHsxjldgMZSJx89:3MXd2hbXQViNgptoTTnMxJJw6
Static task
static1
Behavioral task
behavioral1
Sample
InsstallingFileX64.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
InsstallingFileX64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
hgr86x.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
hgr86x.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
https://t.me/gos90t
https://steamcommunity.com/profiles/76561199800374635
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
InsstallingFileX64.exe
-
Size
50.2MB
-
MD5
bed89eae60b75ce8d2218a897be3a394
-
SHA1
627cb8cef91a14b1053aadfc34b7abf12bd654aa
-
SHA256
de0eb08fe4ecc4e8a7b78c736a497f94c74c15ac7e5cf97869d4d2a6b3ce421f
-
SHA512
636f856fc66feb44e9b323453cf39029628e3ff328ba63ffa5bc4bdc126ef1a3e7c7b1a83ab86bc562e65182f3cbc386ac375c33a7d7b7c290792037e97a315f
-
SSDEEP
6144:aoNqg+ua4U+c2MpXZAd/kfvuFN2Ea+4blIoNPmGRw2f1LO4:tou1c2MFiNQlIrGWK9
Score10/10-
Detect Vidar Stealer
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
hgr86x.dll
-
Size
36.0MB
-
MD5
a4687ac356af5beafd27cbb9759294d7
-
SHA1
381b315a0df9d29582cb0e6e3e7c03489fd79b7e
-
SHA256
c07072078a40391a727de98be712f29caa2bf570906580355d8b22ae4f98df03
-
SHA512
0526e5ca3d91c398793c52d5acd71a73b02dcb4904604d80b2a212af445a45886d0ad0b9ad95a78c7db93656fe184afc26451241d773f954aff77c0fb25604c3
-
SSDEEP
24576:CQ7E9v4Uh1UNoaL3+GsnuY8JVlKI0yaZ+ZzAEAif:w9
Score3/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4