Overview

overview

10

Static

static

a1d952bac5...dd.exe

windows7_x64

10

a1d952bac5...dd.exe

windows10_x64

10

Analysis

  • max time kernel
    128s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    13-10-2021 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1d952bac582c5d5f44c6f0ff09ebedd.exe

  • Size

    744KB

  • MD5

    a1d952bac582c5d5f44c6f0ff09ebedd

  • SHA1

    4dced96e35ea074c01e6bd4c5b8fc3c881c695e7

  • SHA256

    2692f4594cebfa3afca882274dc1432fea1ccbc7d3f37db3e15059722db1d97b

  • SHA512

    6bfc2f1ff5ded10c0dc355757fcca092b0388c9cce11e725cb5c77a0dae11ab1b004dd42b11d90d468cf09c23d1db5e70b9afc3112ebe1727b401af871516e48

Score
10/10
vidar1008stealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1d952bac582c5d5f44c6f0ff09ebedd.exe
    "C:\Users\Admin\AppData\Local\Temp\a1d952bac582c5d5f44c6f0ff09ebedd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 872
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1368-54-0x000000000030B000-0x0000000000388000-memory.dmp
    Filesize

    500KB

    Download
  • memory/1368-55-0x00000000768C1000-0x00000000768C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1368-56-0x0000000002F10000-0x0000000002FE6000-memory.dmp
    Filesize

    856KB

    Download
  • memory/1368-57-0x0000000000400000-0x000000000172D000-memory.dmp
    Filesize

    19.2MB

    Download
  • memory/1812-58-0x0000000000000000-mapping.dmp
    Download
  • memory/1812-59-0x0000000000990000-0x0000000000991000-memory.dmp
    Filesize

    4KB

    Download