Overview

overview

10

Static

static

3

sample2.exe

windows7-x64

10

sample2.exe

windows10-2004-x64

10

Resubmissions

27/03/2025, 04:11

250327-eryresxsgy 10

16/03/2025, 18:38

250316-xaftdsxsct 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample2.exe

  • Size

    871KB

  • Sample

    250316-xaftdsxsct

  • MD5

    dd1b734796b4aa40af46b4d69e1e2da2

  • SHA1

    d5273be84dfa0c54fc9cefff7bcc24fed3e20e1c

  • SHA256

    361411e6321c45c845669ac89e32feec0bdd97916b5d73f508c43576b8a15a20

  • SHA512

    2de21b09091caaa2cfca919fb8e5777afb80ff1eba12b81b2f9a6fde3c94aea52f3bba22ad801bae37fb8816fc7e738c54fc2639d8f6cf47e04d4bc0dbd2af56

  • SSDEEP

    12288:iANwRo+mv8QD4+0V165iTr/erjzuQhyACzHDxx/PI11TUeJpIPxSG6zKzxSg564k:iAT8QE+kms0LrSPY/TUeJ4jVzCW1qQa

Score
10/10
raccoonvidar651discoverypersistencespywarestealer

Malware Config

Extracted

Family

vidar

Version

28.3

Botnet

651

C2

http://manillamemories.com/

Attributes
  • profile_id

    651

Targets

    • Target

      sample2.exe

    • Size

      871KB

    • MD5

      dd1b734796b4aa40af46b4d69e1e2da2

    • SHA1

      d5273be84dfa0c54fc9cefff7bcc24fed3e20e1c

    • SHA256

      361411e6321c45c845669ac89e32feec0bdd97916b5d73f508c43576b8a15a20

    • SHA512

      2de21b09091caaa2cfca919fb8e5777afb80ff1eba12b81b2f9a6fde3c94aea52f3bba22ad801bae37fb8816fc7e738c54fc2639d8f6cf47e04d4bc0dbd2af56

    • SSDEEP

      12288:iANwRo+mv8QD4+0V165iTr/erjzuQhyACzHDxx/PI11TUeJpIPxSG6zKzxSg564k:iAT8QE+kms0LrSPY/TUeJ4jVzCW1qQa

    Score
    10/10
    raccoonvidar651discoverypersistencespywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V1 payload

    • Raccoon family

      raccoon

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Vidar Stealer

      stealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks