General

  • Target

    R.3.L.E.$.E-1.zip

  • Size

    2.4MB

  • Sample

    250420-xc8xys1yf1

  • MD5

    53bbe83009cfcb949480bd34ab4bd6ee

  • SHA1

    b12a44ebef54226ddd149a531b58c3caec0e4682

  • SHA256

    7cef706bc97b302f19b60a3f13709abbbafa4e31644ee9b1ca88d5a02a5ebb2a

  • SHA512

    7e3372ebcbbea836bc4916d1b50a9efe0a9b9c08a2ae8fbfe961820f3a2d96bcbcc6f925db65708870347aa259f8321418af5debeaff95272e6cdd99733adf28

  • SSDEEP

    49152:ob8jYt9NBqDsg4hagduhQrwlKZizCWSE8ScyXbsrEHlKyqn+8yXQLR:gy0/fP0hQHiztPpXbsrk5ALR

Malware Config

Extracted

Family

vidar

Version

13.5

Botnet

eb17a39311b2fbc653bb6a88c15634e4

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Targets

    • Target

      R.3.L.E.$.E-1.zip

    • Size

      2.4MB

    • MD5

      53bbe83009cfcb949480bd34ab4bd6ee

    • SHA1

      b12a44ebef54226ddd149a531b58c3caec0e4682

    • SHA256

      7cef706bc97b302f19b60a3f13709abbbafa4e31644ee9b1ca88d5a02a5ebb2a

    • SHA512

      7e3372ebcbbea836bc4916d1b50a9efe0a9b9c08a2ae8fbfe961820f3a2d96bcbcc6f925db65708870347aa259f8321418af5debeaff95272e6cdd99733adf28

    • SSDEEP

      49152:ob8jYt9NBqDsg4hagduhQrwlKZizCWSE8ScyXbsrEHlKyqn+8yXQLR:gy0/fP0hQHiztPpXbsrk5ALR

    • Score

      1/10
    • Target

      README.txt

    • Size

      95B

    • MD5

      eb2d3b74e1a6d524bf9409757fe9f3fa

    • SHA1

      258efb44fa55e7bf6436ff820f99303985956a07

    • SHA256

      a882f579fe1f8d02515c4f4ca9a59bf9ba8422ad14ce99f455b2ceeea10a6432

    • SHA512

      4fcfee6f946d0a23d56fe9f4c3a587a03e3bab03a40943767dfab0502d6dbca4662404710b5fb6af332b46a9093be29ad51e6a8993b9be1d99d85ed55d298959

    • Score

      1/10
    • Target

      Rel3aseUi/ReleaseUi.exe

    • Size

      81KB

    • MD5

      41c2401a4ecf9c80796e534d388e56cd

    • SHA1

      e844e6b178ef8191ce189c0e632dc7fdb2947db3

    • SHA256

      0e5a768a611a4d0ed7cb984b2ee790ad419c6ce0be68c341a2d4f64c531d8122

    • SHA512

      6f7d365f10b45cc88d8968020f6232974398cc1b46710bf650c5aa162c40d48fef0a035b29fc1b0271d4f69410fbca1b4a4119d816eeec205043175981429071

    • SSDEEP

      1536:dEV+sOWSnk3uXcieWN8WBnc1br8zlZAHaG8CaWCMp+O7Xg5U:dEV+sFSkMxRnc1br8j0aCCMXL7

    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks