General

  • Target

    JaffaCakes118_d98ee4b95d0ab9936f35306292c15f10f9d6766af098c3b050eae18bd522c6e5

  • Size

    688.0MB

  • Sample

    241225-czq1favncl

  • MD5

    30604cb6187550a3e0adcffb4e457af8

  • SHA1

    1598ec179d74851bf9835ea9b74cb208d5a022b5

  • SHA256

    d98ee4b95d0ab9936f35306292c15f10f9d6766af098c3b050eae18bd522c6e5

  • SHA512

    00c606b5a81417c28c9cda6e52df25d1586eef085c45852174029648e9d693f6e3c198f132f04df9b7177cbd34155152762f5b4b25da31529f150da405a54303

  • SSDEEP

    12288:Tvd1AWFWd7BVlfTEzr9bJIXyOFmDYbPCtUYJ:zdatbYFV5OFmXm4

Malware Config

Extracted

  • Family

    vidar

  • Version

    2.4

  • Botnet

    713

  • C2

    https://t.me/gurutist
    https://steamcommunity.com/profiles/76561199476091435
    http://95.216.164.28:80

Attributes

  • profile_id

    713

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

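The three C2 entries in the extracted configuration follow the usual Vidar layout: the Telegram channel and the Steam profile URLs are dead-drop resolvers the stealer fetches to learn its live C2 address, and the raw IP on port 80 is that resolved endpoint; the user_agent attribute is the string hard-coded into its HTTP requests. The Python script below is an added example, not part of the sandbox report or of Vidar itself. It turns the extracted configuration into matchers and runs them over a handful of constructed web-proxy log lines (the log line format is an assumption for the example, not any real product's). Dead-drop URLs are matched on host and path, so ordinary Steam or Telegram browsing is not flagged; the raw-IP C2 is matched on host and port with any path; the exact user-agent string is reported as a separate reason so each signal can be tuned on its own.

```python
"""Hunt web-proxy logs for the Vidar IOCs extracted in the report above.

Added example, not part of the sandbox report. The log format and the
log lines below are constructed for this example.
"""
import re
from urllib.parse import urlparse

# Copied from the "Malware Config" section of this report.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "2.4",
    "botnet": "713",
    "c2": [
        "https://t.me/gurutist",
        "https://steamcommunity.com/profiles/76561199476091435",
        "http://95.216.164.28:80",
    ],
    "user_agent": (
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
    ),
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalise(url):
    """Return (host, port, path) with the scheme's default port filled in."""
    p = urlparse(url)
    port = p.port or DEFAULT_PORTS.get(p.scheme, 0)
    return (p.hostname or "").lower(), port, (p.path or "/")


def build_matchers(cfg):
    """Turn the extracted C2 list into (host, port, path_prefix) matchers.

    A bare origin such as http://95.216.164.28:80 matches any path on that
    host:port (path_prefix None); a dead-drop URL such as the Steam profile
    matches only that profile path, so other steamcommunity.com traffic is
    not flagged.
    """
    matchers = []
    for url in cfg["c2"]:
        host, port, path = normalise(url)
        matchers.append((host, port, None if path == "/" else path))
    return matchers


# Constructed proxy-log line format (assumption, not a real product's format):
# <timestamp> <client_ip> <method> <url> <status> "<user_agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def classify(url, user_agent, cfg, matchers):
    """Return the reasons a single request matches the extracted config."""
    reasons = []
    host, port, path = normalise(url)
    for m_host, m_port, m_path in matchers:
        if host == m_host and port == m_port and (m_path is None or path.startswith(m_path)):
            reasons.append(f"request to extracted C2/dead-drop {m_host}:{m_port}")
            break
    if user_agent == cfg["user_agent"]:
        reasons.append("exact hard-coded Vidar user agent")
    return reasons


def scan(log_lines, cfg):
    """Parse each log line; return hits as (line_no, client_ip, url, reasons)."""
    matchers = build_matchers(cfg)
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip unparseable lines rather than abort the hunt
        _ts, client, _method, url, _status, ua = m.groups()
        reasons = classify(url, ua, cfg, matchers)
        if reasons:
            hits.append((n, client, url, reasons))
    return hits


# Constructed sample log: one infected client (10.0.0.5), two benign ones, one junk line.
UA = VIDAR_CONFIG["user_agent"]
SAMPLE_LOG = [
    f'2024-12-25T10:00:01Z 10.0.0.5 GET https://t.me/gurutist 200 "{UA}"',
    f'2024-12-25T10:00:02Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561199476091435 200 "{UA}"',
    f'2024-12-25T10:00:03Z 10.0.0.5 POST http://95.216.164.28/ 200 "{UA}"',
    '2024-12-25T10:00:04Z 10.0.0.7 GET https://steamcommunity.com/app/730 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"',
    '2024-12-25T10:00:05Z 10.0.0.9 GET http://95.216.164.28:8080/ 200 "curl/8.4.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for line_no, client, url, reasons in scan(SAMPLE_LOG, VIDAR_CONFIG):
        print(f"line {line_no}: {client} -> {url}")
        for reason in reasons:
            print(f"    {reason}")
```

Only the three requests from 10.0.0.5 are reported, each with both reasons; the benign Steam page view and the connection to the same IP on a different port are left alone. The user agent itself is worth a separate rule: it claims macOS Chrome 105, while every signature on this page (VBS compiler, SetThreadContext) is Windows behaviour, so a Windows endpoint emitting that exact string is anomalous even before the destination is considered.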
Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks