Analysis
-
max time kernel
137s -
max time network
138s -
platform
windows7_x64 -
resource
win7-en -
submitted
15-09-2021 14:31
General
-
Target
0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe
-
Size
594KB
-
MD5
c25627d082399616d43b9ff5c66de1df
-
SHA1
0d31624229601b16d037e22f8a204d3701d7540a
-
SHA256
0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127
-
SHA512
ee854ed5325c8de6aa68c9a3625d0e56d37f40302f1525c31df75b273bc12c59a46bd5bd736400821596b8fe068ef12a67900abaf06dafdec98c7f891f6bca09
Score
10/10
Malware Config
Extracted
Family
vidar
Version
26.1
Botnet
237
C2
http://centos10.com/
Attributes
-
profile_id
237
Signatures
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe"C:\Users\Admin\AppData\Local\Temp\0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1156-53-0x0000000075911000-0x0000000075913000-memory.dmpFilesize
8KB
-
memory/1156-54-0x0000000001BE0000-0x0000000001C69000-memory.dmpFilesize
548KB
-
memory/1156-55-0x0000000000400000-0x00000000004A5000-memory.dmpFilesize
660KB