General
-
Target
ae21d1625a332105fa099e45f15945dcfbd0e088bc357398c5b9036be80c8b9e.zip
-
Size
1.1MB
-
Sample
241116-naq5pavhme
-
MD5
a21d3b50943ba289f87af6c1697ac027
-
SHA1
6f9f8498065665fa94c78a6a55167f5af4e7aaf7
-
SHA256
ae21d1625a332105fa099e45f15945dcfbd0e088bc357398c5b9036be80c8b9e
-
SHA512
3eeac3ad53668dccd4f7b5a4008f57e7fdb54bf483b7e4026ea8b7908adc2919caf454adcc6ec203ccc829edaeec1e2d8edf469f00900de51bbec28db569efde
-
SSDEEP
24576:LRv4rv+4bIk+1xjY54255J2N/VR80XuW0t/7J+5tyn7L0i:lY+4u15oJ54XRtu/mt80i
Static task
static1
Behavioral task
behavioral1
Sample
InstaIIer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
InstaIIer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
re86x.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
re86x.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.7
832ff6075d875436124f2744cc55913a
https://t.me/m07mbk
https://steamcommunity.com/profiles/76561199801589826
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
InstaIIer.exe
-
Size
41.0MB
-
MD5
136d8eeb91c5fa33ff2049b441929788
-
SHA1
58c0e21ec68c7c499b442c8ec2e820adf1fd15ec
-
SHA256
5667a73898a9134a736c6b56f25577ed3f9901dd17439de0dca545ac3cd1af16
-
SHA512
d55552584088455d96656d3ac7b33195cbf0eb511bec47da66f37ff5874fb489d69fa0eb9e1cccb3bdb431ceee835c2cb62833f420a8efcec4ee44439090a1fa
-
SSDEEP
24576:5z0wSWUTxMWv3LPO9dOV8kS8FTVuFK76/KvHM:5z0wSWUTxM2PO9wV8kS8FTV5n
-
Detect Vidar Stealer
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
re86x.dll
-
Size
177.8MB
-
MD5
a17f011e58699c816cb3511fc14a5e3d
-
SHA1
4a69475a7d523239f61d2fca759c35776d256eb0
-
SHA256
be3283d6c64766a6d950a93f42164e82f93d30409697a693a7a6d8759935abdd
-
SHA512
c5d1864bae174a523bc52026107f05de00f64401ea1a0bd037ea4eedba9abcace1e17381b3f33ced4e7ee8d54bba1b9b184750883c3a2a9feacf1dcb8ad62157
-
SSDEEP
24576:VJ1jpSL+6UfDq80kdLx5IyYIfNvLw94Sx7aPuIaWutQrXttq89PZV53rnN7rjRLT:P1jpKNUfDq80kdDIyYIxa4Sx7aP
Score3/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4