General

  • Target

    RisingStrip.exe

  • Size

    1.1MB

  • Sample

    250204-af667sxre1

  • MD5

    754abb74ca81d5ac0338dc27c0419467

  • SHA1

    6b1266ea2b305178dc1b7bd17e4bf22c2ef6417e

  • SHA256

    ea8c2ccdcad3914c89165d94a5916986ee9ba4fbccce3563eaa5facba38cceb6

  • SHA512

    42eb7b838aa0b6009d5f5cf214797837b5876c6ce312ecebcf0864a5a82c85a71c854f0e4410c2aaa6d7fc147ed07584ae49011909290808e9d64dbfe3814cd2

  • SSDEEP

    24576:gmrT0o4MiMwK5w91RKUfX9F2sLwS6TJPTP/ACvFL0i+ZESls7emA:109MwK5+/KUP9F2MbirP/ACvFLSEPA

Malware Config

Extracted

Family

vidar

Botnet

hu76fa

C2

https://t.me/w211et

https://steamcommunity.com/profiles/76561199811540174

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

    • Target

      RisingStrip.exe

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks