General

  • Target

    Unconfirmed 966776.crdownload

  • Size

    52.5MB

  • Sample

    241223-e9tkeswlds

  • MD5

    d87bb42f3118d44757ad0348a5013ae0

  • SHA1

    dfc365bb518cf0ac8d7802b63efb1485eb21c09d

  • SHA256

    5ec6b5659fc1fe2761ab4fcd4b44be5722294c3ea5dc8089b465bd95e3950684

  • SHA512

    6928989a2ecb2534011051aea028683dce171a5e3065e2f1607bcbfaa38f3e55011d122256f7bf3a7141d759b448756ba24b64b1d5fa1d779abd471b7d09576a

  • SSDEEP

    1572864:cyASP3JnHeLGGAWIFQmeO1Le4TTGDc2gxr:cyAi3BrG8FXJLyUxr

Malware Config

Targets

    • Target

      Unconfirmed 966776.crdownload

    • Size

      52.5MB

    • MD5

      d87bb42f3118d44757ad0348a5013ae0

    • SHA1

      dfc365bb518cf0ac8d7802b63efb1485eb21c09d

    • SHA256

      5ec6b5659fc1fe2761ab4fcd4b44be5722294c3ea5dc8089b465bd95e3950684

    • SHA512

      6928989a2ecb2534011051aea028683dce171a5e3065e2f1607bcbfaa38f3e55011d122256f7bf3a7141d759b448756ba24b64b1d5fa1d779abd471b7d09576a

    • SSDEEP

      1572864:cyASP3JnHeLGGAWIFQmeO1Le4TTGDc2gxr:cyAi3BrG8FXJLyUxr

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on the Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

    • Target

      InstalIеr-x86.rar

    • Size

      52.5MB

    • MD5

      15f060d91d50ca10190a785d6d005619

    • SHA1

      6f42717df8c86f588cd2c52a154ca9fc44e48efd

    • SHA256

      74fa779ebc5ae9e1896ebb79c535f1ffb2ca9fe7057be24e57df2fb39b3685d9

    • SHA512

      13743497da861eb87096f9f832aa8d47db4c48237efd48ffefb441ba9c8d7f90662779d7bb8b5220d15433530cb2b27c528b6abd07cad7927a8db5f2666676be

    • SSDEEP

      1572864:NyASP3JnHeLGGAWIFQmeO1Le4TTGDc2gx1:NyAi3BrG8FXJLyUx1

    Score
    1/10
    • Target

      ReadMe.txt

    • Size

      408B

    • MD5

      4c90df2a4403b35073810c27fdd164d7

    • SHA1

      42f9c4772bfa612ed8417eb6f5b4f84c765d6151

    • SHA256

      6b5dc7a0f811b38d9ee6ba21c8fcd77e3836bedc9bff46cce02a278464524b3c

    • SHA512

      7ae89645decf9b6ff3f3ef8911ea15d47f2bba11d20eef4e77c52608e881d4098086814d3f04320087961d868e23a68a933ea92ebdaa29948ac34b2b026c8874

    Score
    1/10
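The two 52.5MB targets above carry fuzzy hashes that differ only in their first and last characters. The script below scores them against each other. It is an added example, not part of the report and not the ssdeep project's code: it follows the scoring of ssdeep's fuzzy_compare as I understand it (edit distance with insert 1 / delete 1 / replace 2, a seven-character common-substring gate, block-size scaling), so treat the number as indicative and confirm with the real ssdeep tool before relying on it. The unrelated hashes used for the negative checks are constructed.

```python
"""Score the report's two SSDEEP hashes against each other.

Added example, not the sandbox's or ssdeep's code. Implements the
fuzzy_compare scoring as I understand it; confirm with real ssdeep.
"""
import re

SPAMSUM_LENGTH = 64   # maximum length of one hash segment
ROLLING_WINDOW = 7    # segments must share a substring this long to score at all
MIN_BLOCKSIZE = 3
INSERT_COST, REMOVE_COST, REPLACE_COST = 1, 1, 2

# Copied from the report: the .crdownload target and the .rar target.
CRDOWNLOAD = "1572864:cyASP3JnHeLGGAWIFQmeO1Le4TTGDc2gxr:cyAi3BrG8FXJLyUxr"
INSTALLER_RAR = "1572864:NyASP3JnHeLGGAWIFQmeO1Le4TTGDc2gx1:NyAi3BrG8FXJLyUx1"


def parse(fuzzy_hash):
    """Split 'blocksize:segment1:segment2[,filename]' into its parts."""
    block_size, seg1, seg2 = fuzzy_hash.split(",", 1)[0].split(":", 2)
    return int(block_size), seg1, seg2


def eliminate_sequences(segment):
    """Collapse runs of more than three identical characters to three."""
    return re.sub(r"(.)\1{3,}", r"\1\1\1", segment)


def has_common_substring(a, b):
    """True if a and b share a substring of ROLLING_WINDOW characters."""
    return any(a[i:i + ROLLING_WINDOW] in b
               for i in range(len(a) - ROLLING_WINDOW + 1))


def edit_distance(a, b):
    """Weighted Levenshtein distance: insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))            # build b[:j] from nothing
    for i, ca in enumerate(a, 1):
        cur = [i]                              # delete a[:i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else REPLACE_COST
            cur.append(min(prev[j] + REMOVE_COST,
                           cur[j - 1] + INSERT_COST,
                           prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def score_strings(s1, s2, block_size):
    """Score one pair of segments hashed at the same block size."""
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2) * SPAMSUM_LENGTH // (len(s1) + len(s2))
    score = 100 * score // SPAMSUM_LENGTH
    score = 100 - score
    # Small block sizes cannot support a high score; cap accordingly.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))


def fuzzy_compare(h1, h2):
    """Similarity 0..100 between two ssdeep hashes."""
    bs1, a1, b1 = parse(h1)
    bs2, a2, b2 = parse(h2)
    # Only equal block sizes, or sizes one doubling apart, are comparable.
    if bs1 != bs2 and bs1 != bs2 * 2 and bs2 != bs1 * 2:
        return 0
    a1, b1, a2, b2 = (eliminate_sequences(s) for s in (a1, b1, a2, b2))
    if bs1 == bs2:
        if a1 == a2 and b1 == b2:
            return 100
        return max(score_strings(a1, a2, bs1), score_strings(b1, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return score_strings(a1, b2, bs1)
    return score_strings(b1, a2, bs2)


if __name__ == "__main__":
    print("crdownload vs rar:", fuzzy_compare(CRDOWNLOAD, INSTALLER_RAR))
```

A score in the mid-90s means the two files share almost all of their content at the 1572864-byte block size, which is what you would expect when a .crdownload (Chrome's name for a download that has not been finalised) and the archive it was fetching have the same size; the differing MD5/SHA values confirm they are not byte-identical.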

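The behaviours the report attributes to the sample (location check, Uninstall-key enumeration, FTP client config access, dropped EXE/DLL use, tasklist) expressed as detection logic over a process event stream. This is an added example, not the sandbox's signature code. The events are constructed Sysmon-style records, not data from this report; the sample path and dropped-file names are made up; and the registry keys and file names each rule watches (the Geo\Nation value, the Uninstall key, FileZilla's sitemanager.xml and recentservers.xml, tasklist on a command line) are my assumptions about what the report's signature names correspond to.

```python
"""Match the report's behavioural signatures against constructed events.

Added example, not the sandbox's code. Events are made-up Sysmon-style
records; the paths each rule watches are my assumed equivalents of the
report's signature names.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # RegistryRead | FileRead | FileCreate | ProcessCreate | ImageLoad
    actor: str   # full path of the process performing the action
    target: str  # registry value, file path, loaded image, or command line


# Stateless rules: (event kind, regex over target, signature names raised).
RULES = [
    ("RegistryRead", r"\\Control Panel\\International\\Geo\\Nation$",
     ["Checks computer location settings"]),
    ("RegistryRead", r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
     ["Checks installed software on the system"]),
    ("FileRead", r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
     ["Reads data files stored by FTP clients",
      "Unsecured Credentials: Credentials In Files"]),
    ("ProcessCreate", r"(^|[\\\s\"])tasklist(\.exe)?(\s|\"|$)",
     ["Enumerates processes with tasklist"]),
]


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased and unquoted."""
    return path.strip().strip('"').lower()


def image_of(cmdline):
    """First token of a command line, honouring a quoted image path."""
    s = cmdline.strip()
    if s.startswith('"'):
        return norm(s[1:s.find('"', 1)])
    return norm(s.split()[0])


def triage(sample, events):
    """Return {signature name: [events]} for the sample's process tree only."""
    tracked = {norm(sample)}   # the sample and every process it transitively starts
    dropped = set()            # .exe/.dll paths written by a tracked process
    hits = {}

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        if norm(ev.actor) not in tracked:
            continue               # activity of unrelated processes is ignored
        for kind, pattern, names in RULES:
            if ev.kind == kind and re.search(pattern, ev.target, re.IGNORECASE):
                for name in names:
                    hit(name, ev)
        # Stateful rules: remember what was dropped, then watch for it running.
        if ev.kind == "FileCreate" and norm(ev.target).endswith((".exe", ".dll")):
            dropped.add(norm(ev.target))
        elif ev.kind == "ProcessCreate":
            child = image_of(ev.target)
            tracked.add(child)
            if child in dropped:
                hit("Executes dropped EXE", ev)
        elif ev.kind == "ImageLoad" and norm(ev.target) in dropped:
            hit("Loads dropped DLL", ev)
    return hits


# Constructed events (assumed paths), not taken from the report.
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
HELPER = r"C:\Users\victim\AppData\Local\Temp\helper.exe"
SUPPORT = r"C:\Users\victim\AppData\Local\Temp\support.dll"
EVENTS = [
    Event("RegistryRead", SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegistryRead", SAMPLE,
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    Event("FileRead", SAMPLE, r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    Event("FileCreate", SAMPLE, HELPER),
    Event("FileCreate", SAMPLE, SUPPORT),
    Event("ProcessCreate", SAMPLE, f'"{HELPER}" --install'),
    Event("ImageLoad", HELPER, SUPPORT),
    Event("ProcessCreate", HELPER, r"C:\Windows\System32\cmd.exe /c tasklist"),
    # Noise from unrelated processes: must not be attributed to the sample.
    Event("RegistryRead", r"C:\Windows\explorer.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("ProcessCreate", r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\tasklist.exe"),
]


if __name__ == "__main__":
    for name, evs in triage(SAMPLE, EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Scoping to the sample's process tree is what keeps the explorer.exe and svchost.exe noise out of the result; without it, the location-check rule fires on every ordinary process that reads the user's region setting.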
MITRE ATT&CK Enterprise v15

Tasks