Overview

overview

10

Static

static

1

setup/AISe...ck.exe

windows7-x64

3

setup/AISe...ck.exe

windows10-2004-x64

3

setup/Pre-...up.exe

windows7-x64

10

setup/Pre-...up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48b1caa5028ee44b155b92e8826d42f1

  • Size

    5.4MB

  • Sample

    241111-lnt3dswqet

  • MD5

    48b1caa5028ee44b155b92e8826d42f1

  • SHA1

    96b57679b4a2eb360f0bf25f57920176167f4423

  • SHA256

    33bbf133844c61c4e4f9207411a912c02d2c1cd1c25d582a5044c658d48cc9ca

  • SHA512

    e401d73084c47b021f7476213aa3915cfc89deb3d1d632d55798c2192d5e556b07356d067ad7af7bbddde2a18dc53abd398d90c0a9d9b3f0df8f41bb168a764f

  • SSDEEP

    98304:QylwVwjTrJrl+IA7VCwVLwDqRuJcF8Yp0MrzC/1bCOcbDtECbeNrQl6wHY3C:fiITlpq7bqcSYpRPCMjDaCSN+g3C

Score
10/10
vidar1281discoveryevasionstealertrojan

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1281

C2

https://t.me/netflixaccsfree

Attributes
  • profile_id

    1281

Targets

    • Target

      setup/AISetup-Crack.exe

    • Size

      2.4MB

    • MD5

      a6f2af8aa201a51b90ce7242736a7af4

    • SHA1

      303184b65412f10df9e3860a7b3337e165c820db

    • SHA256

      7e29a55958df55dcc4bb4e563111659226cdac60bc7141f8124acaa8eac66565

    • SHA512

      dd5271e62bb7f69b217ea912c378cccf41f4132efe48e4ac11fe04d6869d3db13cc52dd991507d1ba081b88bcbc8c96324a11d7a1623937be2a0403c353d7650

    • SSDEEP

      49152:P8QETEm8KR2frmN7o8cwa877IRgZVFiIFwDchf3fsmfNpF/t:M8KR2frmNja8vIRgZu6hf3fsmN/t

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      setup/Pre-Activated-Setup.exe

    • Size

      405.2MB

    • MD5

      3cf359cf5a3c86167e554882c9d26dc4

    • SHA1

      fd80122deab8904889dfa69df600554eac8090ff

    • SHA256

      b61864510b59420f82383f1377bba51822f2c481fe8a166c5eeda292a2258eaa

    • SHA512

      e8e4047c2863715686fa5205175572fce0f05d501a762310e88eba064cd857737f49948785fa4fff54dc60da2430f60ef2f8e3ca13727d48c8192546a65b79db

    • SSDEEP

      98304:dRirkM+2TJIYLWgfzU/nZ3bULuQ0qw+Y/mz:dRio2TJIYWgMCLr0qw+Y

    Score
    10/10
    vidar1281discoveryevasionstealertrojan

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Vidar Stealer

      stealer

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks