MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82948da99da3fd6155587bed4bbb48f8246511683dfb29b23a8e3811a7d5621a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Vidar


Vendor detections: 8



SHA256 hash: 82948da99da3fd6155587bed4bbb48f8246511683dfb29b23a8e3811a7d5621a
SHA3-384 hash: baa09a76b50824632a181c43fe63c3ec2d3e60906ec5b77dc05ba2f8aa191996d92c9a2a1680e8169c63906599c68543
SHA1 hash: c1781ab9c0a19cb679add07f7920e71333aa7e5c
MD5 hash: f53a5244b6eea00f75879b5167720bf1
humanhash: mockingbird-tennessee-ink-nebraska
File name: Satup-HERE.7z
Signature: Vidar
File size: 330'293 bytes
First seen: 2025-06-18 19:06:35 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 6144:WWGDQU2ErwC5DcQC0slSdBUhx+VS7WoR6zJhEn9FGRXrOfcakFqdd:WWkv2ErDgQC0Jex+gaoWhEfGRXyfcpGd
TLSH: T1D164122ED006AFC8C331D96F1FC7E660296B02BF5FA2AB53715A34535FC859A7028467
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 7z dllHijack vidar


iamaachum
https://fileswoop.cloud/ZGE0ZWVlODKodVetnt89qFGsJaPmF6EH2N1TTHVpZD0xMg => https://mega.nz/file/qQ82hC7B#oNLLw_IqM741d07u6OFpSdsUVy6OTNf-m-GZ606dnRk

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: ES
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: gup.xml
File size: 4'608 bytes
SHA256 hash: 92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5
MD5 hash: abde55a0b1cb4a904e622c02f559dcd1
MIME type: text/xml
Signature: Vidar

File name: read.me.rar
File size: 84'834'285 bytes
SHA256 hash: aae256747d5b6dc84b2491482e5b8f3577eb429e79d8e0a5ba98c3d857e5ea38
MD5 hash: e5f9f4c3ef7d22b99cda17acda54facf
MIME type: application/x-rar
Signature: Vidar

File name: setup.exe
File size: 804'688 bytes
SHA256 hash: eaac64c113ebaba1fae924ad1b6239a44c8806bf2b85d8dc11a27ad65a981cc1
MD5 hash: bca6478b230b6920fe79b97a3066e835
MIME type: application/x-dosexec
Signature: Vidar

File name: libcurl.dll
File size: 159'744 bytes
SHA256 hash: 6232ab81f91b3c5555378477d1e436d7cf10883ac63b4afdb7267e6751c0b140
MD5 hash: be70d2117dca44147af8f44cfd0db3d3
MIME type: application/x-dosexec
Signature: Vidar
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: dropper virus
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm microsoft_visual_cc
Threat name: Win64.Trojan.Kepavll
Status: Malicious
First seen: 2025-06-17 23:20:18 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: Disable_Defender
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain (Obfuscated or no) Powershell or CMD Command that can be abused by threat actor (can create FP)

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Vidar
File type: 7z
SHA256 hash: 82948da99da3fd6155587bed4bbb48f8246511683dfb29b23a8e3811a7d5621a (this sample)

Comments