Analysis
max time kernel: 137s
max time network: 138s
platform: windows7_x64
resource: win7-en
submitted: 15-09-2021 14:31
Static task: static1
Behavioral task: behavioral1
Sample: 0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe
Resource: win7-en
0 signatures
0 seconds
General
Target: 0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe
Size: 594KB
MD5: c25627d082399616d43b9ff5c66de1df
SHA1: 0d31624229601b16d037e22f8a204d3701d7540a
SHA256: 0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127
SHA512: ee854ed5325c8de6aa68c9a3625d0e56d37f40302f1525c31df75b273bc12c59a46bd5bd736400821596b8fe068ef12a67900abaf06dafdec98c7f891f6bca09
Malware Config
Extracted
Family: vidar
Version: 26.1
Botnet: 237
C2: http://centos10.com/
Attributes
profile_id: 237
Signatures
Vidar Stealer (2 IoCs)
Processes:
  resource                                                                       yara_rule
  behavioral1/memory/1156-54-0x0000000001BE0000-0x0000000001C69000-memory.dmp   family_vidar
  behavioral1/memory/1156-55-0x0000000000400000-0x00000000004A5000-memory.dmp   family_vidar
Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
  pid   process
  1156  0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe
  1156  0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe
  1156  0c55d2f909695e522759043833539287910b717860d22f1dbc007f2055a07127.exe