General
- Target: Setup.zip
- Size: 22.9MB
- Sample: 240629-dcnr8szane
- MD5: e1f55747103934ef5573148034a58eb2
- SHA1: b0e417041f70c3b025b40bd5f78d329c6c322d81
- SHA256: d688113f745fbdea695db3f1c441431617fd6e07dba111d61c24126c0b0314a4
- SHA512: 5ac7e5680d6cea9094d25b678133ed595bfe9bec75752e0513ac161f9d7ab50627eb318a7b52ff585ba914fa1689400641113c78ea9c0b4fd886cd9a9e6ef759
- SSDEEP: 393216:cwxNGM8CmiC0/BhMgKoz2a4kc4iocKFVIkWji+GjzEB6eng0MheLivPlpre4GDnY:cwxN3oizwcwocKFyW+EEB6eg00eGy0
Static task: static1

Behavioral tasks (Sample / Resource):
- behavioral1: Setup.exe / win7-20240508-en
- behavioral2: Setup.exe / win10-20240404-en
- behavioral3: Setup.exe / win10v2004-20240611-en
- behavioral4: Setup.exe / win11-20240508-en
- behavioral5: Setup.exe / android-x86-arm-20240624-en
- behavioral6: Setup.exe / android-x64-20240624-en
- behavioral7: Setup.exe / android-x64-arm64-20240624-en
- behavioral8: Setup.exe / macos-20240611-en
- behavioral9: Setup.exe / ubuntu1804-amd64-20240611-en
- behavioral10: Setup.exe / debian9-armhf-20240418-en
- behavioral11: Setup.exe / debian9-mipsbe-20240418-en
- behavioral12: Setup.exe / debian9-mipsel-20240611-en
Malware Config
- Extracted: stealc
- Extracted: vidar
  10.1
  bd7a7ef85507e39998176b88b253bdb9
  https://t.me/memve4erin
  https://steamcommunity.com/profiles/76561199699680841
  - user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
- Target: Setup.exe
- Size: 707.9MB
- MD5: b25431a1b7b821eef6f77698c18fabb7
- SHA1: 8986dac902bc4827925550dab54d522c9d508d50
- SHA256: b81deb9f7a113389c170b54921cd8ec33216e7819b91b3a413e2ee79ad592434
- SHA512: 474e6f1ad5eb02557f3046e6f23f176bca72248617a2b6c4b9378ac18b72e32175a8976e3e8d106c454d12b946e920aa1048e374b701c218f87df1d335d15f27
- SSDEEP: 196608:P/tv60Dx802nynypt/G0o55XGyPkqPVGEt3eaie54JngocFYKAAPIVelZ3wTVCZU:tBx802nygh6WwZjeaF549X

- Detect Vidar Stealer
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext