General

  • Target

    a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84.hta

  • Size

    1KB

  • Sample

    250123-ems1da1nfw

  • MD5

    1dfba5185b0ae861c21126772ac49ea0

  • SHA1

    37c29cdb305fbd84ad1a1ef374c879c050081d08

  • SHA256

    a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84

  • SHA512

    edfb52732ea84bee692123596c9016a075369ee378ac99e6f359c4eeddc541c39b929b482a6fb544c76469b007c661533b2fc12d27ac644decc29697b776e4e1

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
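The two "C2" URLs above are not where stolen data is sent. Vidar uses them as dead-drop resolvers: the binary fetches the Telegram channel page or the Steam profile page and reads the live C2 address out of the page body, so the operator can rotate servers without rebuilding the sample. The following is an added example (not code from the report or from the sandbox) of the extraction step an analyst would run over saved copies of those pages. The page bodies are constructed stand-ins and the embedded addresses are RFC 5737 documentation ranges; the exact markup and wrapping text on a real resolver page will differ.

```python
import html
import ipaddress
import re

# Dead-drop resolver URLs exactly as they appear in the extracted config.
RESOLVERS = [
    "https://t.me/sc1phell",
    "https://steamcommunity.com/profiles/76561199819539662",
]

# Constructed page bodies standing in for a fetch of each resolver. The IPs are
# documentation ranges (RFC 5737), not real infrastructure.
CONSTRUCTED_PAGES = {
    "https://t.me/sc1phell": (
        '<div class="tgme_page_description">'
        "update: http://203.0.113.10:80 &#124; mirror https://198.51.100.7"
        "</div>"
    ),
    "https://steamcommunity.com/profiles/76561199819539662": (
        '<span class="actual_persona_name">http://203.0.113.10:80</span>'
        '<div class="profile_summary">nothing here https://example.com/</div>'
    ),
}

# Literal IPv4 host, optional port, optional path. The stealer embeds a bare
# address rather than a hostname, so hostnames such as example.com are ignored.
C2_RE = re.compile(
    r"https?://((?:\d{1,3}\.){3}\d{1,3})(?::(\d{1,5}))?(?:/[\w./-]*)?"
)

# Ranges a dead drop would never point at; checked explicitly rather than via
# ipaddress.is_private, which also flags the documentation ranges used here.
NON_ROUTABLE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def extract_c2(page_html: str) -> list[str]:
    """Return unique http(s)://IP[:port] candidates found in a resolver page."""
    found: list[str] = []
    for m in C2_RE.finditer(html.unescape(page_html)):
        ip_text, port = m.group(1), m.group(2)
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:  # 999.1.1.1 matches the regex but is not an address
            continue
        if any(ip in net for net in NON_ROUTABLE):
            continue
        scheme = m.group(0).split("://", 1)[0]
        c2 = f"{scheme}://{ip_text}" + (f":{port}" if port else "")
        if c2 not in found:
            found.append(c2)
    return found


def resolve_c2(pages: dict[str, str]) -> dict[str, list[str]]:
    """Walk the resolvers in config order and map each to its C2 candidates.

    Vidar falls back to the next resolver when one yields nothing, so keeping
    the mapping (rather than the first hit) lets the analyst compare them and
    spot a resolver that has already been updated to a new server.
    """
    return {url: extract_c2(pages.get(url, "")) for url in RESOLVERS}


if __name__ == "__main__":
    for resolver, c2s in resolve_c2(CONSTRUCTED_PAGES).items():
        print(resolver, "->", c2s or "(nothing extracted)")
```

Candidates that appear on more than one resolver (203.0.113.10:80 in the constructed data) are the ones worth blocking first; a single-resolver hit may be stale or a lure. Fetch the real pages from an isolated host and with the same user agent the config carries, since the pages served to a browser and to the stealer can differ.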

Targets

    • Target

      a3a5303a15cf016427104042c4968b9483abbb062af46fc138d4401078f2fe84.hta

    Score
    10/10
    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (aborting in selected locales).

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
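Taken one at a time, most of the signatures above are weak: reading the locale key or running tasklist is routine on a workstation. What makes the verdict strong is that they all occur inside one process tree rooted at a script host that then talks to the network. The following is an added example (not the sandbox's own detection code) of that correlation over Sysmon-style telemetry. The events are constructed; it assumes the .hta is executed by mshta.exe, the default HTML Application host (the report does not name the host process), and uses a local list of script hosts that should not originate network traffic. "Downloads MZ/PE file" is approximated from the file-write event, since this telemetry has no HTTP body capture.

```python
import ntpath

# Script hosts that should not normally originate network traffic (assumption:
# a local blocklist; the report does not publish the sandbox's own list).
BLOCKLISTED_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe",
                     "powershell.exe", "rundll32.exe", "regsvr32.exe"}
GEO_KEY_PREFIX = r"HKCU\Control Panel\International"
MIN_SIGNATURES = 3  # how many distinct behaviours one tree needs to be flagged

# Constructed Sysmon-like telemetry for a run of the HTA (assumed host: mshta.exe).
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\u\Downloads\sample.hta"'},
    {"type": "network", "pid": 100, "dest": "t.me", "dport": 443},
    {"type": "registry", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\upd.exe", "magic": "MZ"},
    {"type": "file", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\dep.dll", "magic": "MZ"},
    {"type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "cmdline": "upd.exe"},
    {"type": "image_load", "pid": 200,
     "path": r"C:\Users\u\AppData\Local\Temp\dep.dll"},
    {"type": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /fo csv"},
    # Benign noise: explorer reading the locale key must not trip the rule.
    {"type": "process", "pid": 400, "ppid": 1,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"type": "registry", "pid": 400,
     "key": r"HKCU\Control Panel\International\LocaleName"},
]


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def _process_trees(events):
    """Return (root_pid -> set of pids in its subtree, pid -> image) where a
    root is any process whose image is a blocklisted script host."""
    parent, image = {}, {}
    for e in events:
        if e["type"] == "process":
            parent[e["pid"]], image[e["pid"]] = e["ppid"], e["image"]
    trees = {pid: {pid} for pid, img in image.items()
             if _basename(img) in BLOCKLISTED_HOSTS}
    for pid in image:  # walk each process up until it meets a root
        cur = pid
        while cur in parent:
            if cur in trees:
                trees[cur].add(pid)
                break
            cur = parent[cur]
    return trees, image


def evaluate(events):
    """Return {root_pid: sorted signature names} for every script-host tree
    that shows at least MIN_SIGNATURES distinct behaviours."""
    trees, image = _process_trees(events)
    results = {}
    for root, pids in trees.items():
        dropped = {e["path"].lower() for e in events
                   if e["type"] == "file" and e["pid"] in pids}
        hits = set()
        for e in events:
            if e["pid"] not in pids:
                continue
            t = e["type"]
            if t == "network" and _basename(image[e["pid"]]) in BLOCKLISTED_HOSTS:
                hits.add("blocklisted_process_network_request")
            elif t == "registry" and e["key"].startswith(GEO_KEY_PREFIX):
                hits.add("checks_computer_location")
            elif t == "file" and e["magic"] == "MZ":
                hits.add("drops_pe_file")
            elif t == "process":
                if e["image"].lower() in dropped:
                    hits.add("executes_dropped_exe")
                if _basename(e["image"]) == "tasklist.exe":
                    hits.add("enumerates_processes_tasklist")
            elif t == "image_load" and e["path"].lower() in dropped:
                hits.add("loads_dropped_dll")
        if len(hits) >= MIN_SIGNATURES:
            results[root] = sorted(hits)
    return results


if __name__ == "__main__":
    for root, sigs in evaluate(EVENTS).items():
        print(f"pid {root}: {len(sigs)} signatures -> {sigs}")
```

Scoping every check to the subtree of a blocklisted host is what keeps explorer's locale read out of the result; the same registry read from mshta's tree counts. The threshold is a tuning knob: a tree that only makes a network request and reads the locale key stays below it, while the full chain in the constructed data fires all six behaviours.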
