General

  • Target

    sample.zip

  • Size

    64.7MB

  • Sample

    241112-c7c4jsskbx

  • MD5

    f1702a7c496bb302a61409175b183a0d

  • SHA1

    4057ef1a1137d55475d5f13b455b5a6691861417

  • SHA256

    a97982edc5a2b47956648aee5bac78507b5903444f1fde80e583c886b69fc821

  • SHA512

    24197bff5c0c31ed46a6585f6d6e002fb9a26dfe3a1fc8f55700a5cc6e44d455d37a1dd43eaec9ba47ede4e7e781783a67b02992c0594754a7e3c62c2688e7a4

  • SSDEEP

    1572864:Iv7q4xcM9wN2u+xqy5sMicxEsXtSr4z8sRZEx15Wym:Iv7q4x/K2dyAg2RipWym

Malware Config

Extracted

Family

vidar

Version

11.5

Botnet

a9a908477e9950733b14c1bbd7e172fd

C2

https://t.me/gos90t

https://steamcommunity.com/profiles/76561199800374635

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      InstaIIer.exe

    • Size

      40.0MB

    • MD5

      d01f872f2b9c93e41c453a847544f4b7

    • SHA1

      5acc2a905ef3a4a9aef83bac73a412ca7adef2f2

    • SHA256

      9fe72402d72177b35d74e3743b6f835c72b78d8b200586f59d29a35f44f73ba5

    • SHA512

      2d1297fe2deaab1b5ddf897c37fdc2fcee018c5e5f566063a88ddf17315572d05699f1af502c588d404ec5c94fd2e0323872a80719bdc6e0b8e2becd287ba925

    • SSDEEP

      384:1fA8u3H+3dU+Uu8VPBzDUpsydRQn5aTqow3kOlkCWD:1od3H0dZQ4PgqwFWD

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Qt5Svg.dll

    • Size

      253KB

    • MD5

      06cc5d18a496520e05bcfee1e3169535

    • SHA1

      98ba5d0ed52499a845038c3b4bcba356b9339f11

    • SHA256

      ea31035fa96ba656d64b58d4f1a9dd210df7154afad3d4f96ee36b41584e4360

    • SHA512

      154a2fdbaa045df6289476420cc4045905a866cd54d756dcc09e0ea79f2cec7f33c748534f47c827841e35c35f71d462cadb801a6b99bf72c162c075d786fdbe

    • SSDEEP

      6144:kKD4dwpLEE61jMW52NP5xwuMnyOWYGcy8Dv4Cnke+9oCsGhvdw61IwxP4zd:kKD42pLEE6mw2NPnBMIBrU

    Score
    3/10
    • Target

      SbieMsg.dll

    • Size

      3.1MB

    • MD5

      1d531229c003c1bb3e93cfb9fae79ebf

    • SHA1

      f481e660e79c146604f2a512fd66fda1d1ca38f5

    • SHA256

      74a9d7d248fbf81ba1d6bc6c6f921d6fed52b71d4bcde4fcec490cdb0b0d7285

    • SHA512

      f84d6bbacc0aa4b44ed92e1336c553075d0168bc9a876404c2c03f9262b6888f5f22915a2cfcd1593245918c7c7f92e52b5ad4ba3c4d761756184d60a2794284

    • SSDEEP

      12288:z2VpSiFSJYeUvaOen/aMWz1O6125RXvPtu6jAO2Ifq2TvpC4X:zuxv6OenC7Q6125RXvPk6jA23

    Score
    1/10
    • Target

      SbieShelIPkg.dll

    • Size

      10KB

    • MD5

      ab87c29e560226a3604d004e049eda48

    • SHA1

      b1aee6cf1d58510b75f7fa4ad1b1ac5f9d0eb147

    • SHA256

      c7164a3d901a6658d94db02edaef0615d08df5e2ee15d1e6468be9de8a6b17dd

    • SHA512

      20c2a47fe3201a5b8e21b1d3a998f7d4ef66fe0153e0f2983674632617fcaa37a704795d5215720943804a0136a2635fc8bab589d453ec5b5f45916f0f7a53e7

    • SSDEEP

      192:Je8ARCKz6Nl9vXhUc2jawG31caVkbhY6en2SUhfinDHx:g8At4vXzwJVYH2ScfMd

    Score
    1/10
    • Target

      Script Menu/runtimes/win-x64/native/WebView2Loader.dll

    • Size

      133KB

    • MD5

      2e3f0bf9337083a32aaa5dc68dd1c3bf

    • SHA1

      72e669417245b7b6918cbd379a7ce9675bf445ea

    • SHA256

      fdf978ba706578b05967d7f0181f462147864a5aa74f36016a62cb3d3dbe6909

    • SHA512

      3b06ab9ccd07b95d2a5e1a4fd673978d24146692a07dbdc5fff19c15e140d7304c065c35be7fa08850c7d4586effec6586f87515e3f3c074b7a5b9796a58631b

    • SSDEEP

      3072:kPzSYWDiiK+shdkt7E86qWBgbFCAg3esIDKEtn2C85N1d3j:FDicWdCD65BWFCEt0pj

    Score
    1/10
    • Target

      Script Menu/x86/FileIOProxyStubx86.dll

    • Size

      49KB

    • MD5

      668c12fcdf587eaebf71c7bd162b7911

    • SHA1

      a2db873e00771fe5d4fe3979419e496d5d6d674f

    • SHA256

      3633f095f3e05480af476f11ea99fa4eb954aa05e9946f082c30a22ce5ba445f

    • SHA512

      92d299e2c5aa32af8dcf8b9c90504b4833f63d9240a0ba90cac3e4cac6bdb4a598cf06bf1d070d8df783621018eb10eec4fc63213ef9b3a4c40f09cb4d2e7803

    • SSDEEP

      768:rZwdDnTKohujEU7f4cv0E1CwiP4BdyJ8Qa53hTc:rZeHKo077f4cv0H1PeEO53hTc

    Score
    3/10
    • Target

      Script Menu/x86/dbghelp.dll

    • Size

      1020KB

    • MD5

      74edbb03de3291fcf2094af1fb363f1d

    • SHA1

      16b5d948ed7843576781dc4f2a391607ac0120a4

    • SHA256

      dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa

    • SHA512

      b08eb03c54f25979c5aee745530ecd51c5761eb99871b867ff84e14590b32ef3247e17cf63bf953ee1efcb0fda8c4540191b9280db33359fdca352967e42b289

    • SSDEEP

      24576:YXm4cpDFYD2aC0jH5yrrXlpWrCSyZC0wLHr298TG00g8EAB4a:hpKD2aC0jH5yr7DWRyZlwH29vjDIa

    Score
    3/10
    • Target

      config/imageformats/qgif.dll

    • Size

      110KB

    • MD5

      f9ba44bb98f048e3b2f7e72d42a1a852

    • SHA1

      a21fb268583cca2da70977e842fa83c4e24f5ddc

    • SHA256

      df50647b02abf30cda040460e9be6d903cc7a3d07fd79c229ce136997beafd96

    • SHA512

      c7c3822fdc816043ce7a94ba6fdf9d4fd845fdcba31d4c8975842246ef09ab361042158582f11c36ea4defeee4e614d800d687912aa5f93ee756d4a12fda0154

    • SSDEEP

      3072:sLVRRPMiOoC66wqeyvGsRmurmc52iMMqGr4wi54z7JSzdx6:sLrtP9C7eyv1Rvx/cwVZSzdx

    Score
    1/10
    • Target

      config/imageformats/qico.dll

    • Size

      108KB

    • MD5

      faf4f9cb5a4b18dd786efc180b9becbd

    • SHA1

      6c36ecf5ddcf6b3228aabe8677da4ce4517afd3f

    • SHA256

      ddafd14ac6215b2ba8af3cbb0a251dffc4d76b7c5d0f419d614991fe9d16a093

    • SHA512

      e4e7a319b7041619d6d6923ae6bddee9acd69f7a30ebb4aecbc4f88f66791a878838aff463671e092b0aa87996d0803d0b17df52852dd5f9abdf5327cf9257b7

    • SSDEEP

      3072:XLSYxM0g9qEHggx7lO6piSWgMC+CnFXYka5ZFYK:egjYHTx7lJW2JYk0O

    Score
    1/10
    • Target

      config/imageformats/qjpeg.dll

    • Size

      537KB

    • MD5

      a379fb272fe6ca15243a371ca940928f

    • SHA1

      aa2b5aab8e6fe5e45e01bddf080f631e9cfbc3f8

    • SHA256

      4d0201f4dd243bd1fd29417b57901eb03b50bb3bc2603f3a6641d12b4eb3fd81

    • SHA512

      21f2ea31e50c3fbbcd87f242b9170f0bfbe55c25b997db79cd848e8070c157c20eff3b05ae38456a7528a7e0e7601e6dea3c634a0146b0b1a476b1633ae7bdb9

    • SSDEEP

      6144:T9Nq3RbZWjjwWAvh6hllL6mIDpW01IWa10fBB0QtLHIJdVO68l4Wn0YhnWdJP:TqkcqWmITLX0yol3JP

    Score
    1/10
    • Target

      config/imageformats/qtga.dll

    • Size

      102KB

    • MD5

      12f7c2771deb34e07666f9bd07b494b7

    • SHA1

      439258597c5d915e9fa8a46735fe5ed14e877a21

    • SHA256

      fce0a0c801f8be7799c12947d42bc0d975760f85934e9a3bfdf08e9f021ff6ab

    • SHA512

      08d8afdff54aa96acfb537edcbd560078f4ed891273fef17e11926b86390c771c233daf1b8bf182cb105ab5b8b0c2162c11b29a81dd9025c72aff89ead875ec8

    • SSDEEP

      3072:ebfi1jPh/WLzHpoixdtG7tgZMqstPz5ViORU:d1ZWLzH63CYP/FR

    Score
    1/10
    • Target

      config/imageformats/qtiff.dll

    • Size

      511KB

    • MD5

      28204a66c8010d591b003fd830b0dc44

    • SHA1

      95beefb8e2599c7e648cbe9fc0ca7106c3791e5e

    • SHA256

      a13b60ffad79e982148e757e622afe7176b0790a74a5982083c542bb6176bac6

    • SHA512

      15ecacd2fa2bc4cfd0cefbcd8537b70028f34645a9bba23d8650cfec5c68f5721530a963a90eeff557712874635f3df0aec4816f33d4a0e04e28b7d836f7612a

    • SSDEEP

      6144:Sg0BKevlheRCz/n6wTMTlpEFuvrEEEEEEp724JiBlcnBU5XVOnB5hzI8wSkJgohN:SzKXyMTlpHijcGWB5x7Foj

    Score
    1/10
    • Target

      config/platforms/d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      1e2f4329fa2e58be78f5fcde2aeea167

    • SHA1

      c2ecb4d0542c49d9e906d6173f77349aaa4749a6

    • SHA256

      a92f3bb1a4d846b38e8422d7c492f638e6bf47081facbb22c92568118938d5ce

    • SHA512

      8ae9b45f7427d83b5fd0afa49c920f79fc071f362dab0a4ef72be0fd19f5243779f071d762a66ffc2180121ded618e571470d3eabbdcf21b4125cf0b04ea62f3

    • SSDEEP

      49152:3uhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccG:ny904wYbZCoOI85oyIV

    Score
    1/10
    • Target

      config/platforms/qwindows.dll

    • Size

      1.5MB

    • MD5

      7a95a2ac88ee34613da76af12a8f6375

    • SHA1

      f5dc8fe31229639bd3fe28b52249af29722e0301

    • SHA256

      e9b4e3c270d7b64eb06871e8d5022d4ea768d93bdd205faab070c6fae695e550

    • SHA512

      602650ee2657e069523e17677eb3c29a0f7e5aa0ed5b44127c368265f7fed020c93c65fb5af2cd1fc54cd1e4dd278ba1498d248910eac1e60dd09b282a2dfe90

    • SSDEEP

      49152:yhteEDXKprit/jl70BkHiZsuu4EkYBdpV:5Wt/q38Bd

    Score
    1/10
    • Target

      config/styles/qwindowsvistastyle.dll

    • Size

      226KB

    • MD5

      6bea57a7fd8f380de36b89d9bfa6a209

    • SHA1

      dbcdf8cbbc8914b2a2fbbd81362dc6cd97378a8e

    • SHA256

      8a864f327756bc0ed0d16c52f37c4c652e7f440081199dcea93ce5839442ee69

    • SHA512

      d4c28ee0be0f986be7e8c07e4b42393824836e084cee89cf699a1a3d911f1280201321666f070ce743a34ea5810b85b0cc4207f72d55e88c62509d3e070d1b8a

    • SSDEEP

      3072:zesbD7Kt3oc+kwwPyjHB3UxqFBArvxXJblgQfMJa5MBuiOWnCT0NGcIRS:P+o3GPYBUeyvxXplPqBuiOWnCT0NYR

    Score
    1/10
    • Target

      jres/bin/JAWTAccessBridge-32.dll

    • Size

      14KB

    • MD5

      d63933f4e279a140cc2a941ccff38348

    • SHA1

      75169be2e9bcfe20674d72d43ca6e2bc4a5a9382

    • SHA256

      532d049e0d7a265754902c23b0f150d665a78a3d6fe09ad51c9be8c29d574a3d

    • SHA512

      d7a5023a5eb9b0c3b2ad6f55696a166f07fa60f9d1a12d186b23aaaacc92ef948cb5dffa013afc90c4bbe3de077d591185902384f677d0bae2ff7cfd5db5e06c

    • SSDEEP

      192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J

    Score
    3/10
    • Target

      jres/bin/JAWTAccessBridge.dll

    • Size

      14KB

    • MD5

      b4eb9b43c293074406adca93681bf663

    • SHA1

      16580fb7139d06a740f30d34770598391b70ac96

    • SHA256

      8cd69af7171f24d57cf1e6d0d7acd2b35b4ea5fdf55105771141876a67917c52

    • SHA512

      a4e999e162b5083b6c6c3eafee4d84d1ec1c61dca6425f849f352ffdccc2e44dfee0625c210a8026f9ff141409eebf9ef15a779b26f59b88e74b6a2ce2e82ef9

    • SSDEEP

      192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

vidar a9a908477e9950733b14c1bbd7e172fd credential_access discovery spyware stealer
Score
10/10

behavioral2

vidar a9a908477e9950733b14c1bbd7e172fd credential_access discovery spyware stealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10