Overview

overview

10

Static

static

bc8f0bfb94...58.exe

windows7_x64

10

bc8f0bfb94...58.exe

windows10_x64

10

Analysis

  • max time kernel
    131s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    13-10-2021 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc8f0bfb94d9a4455282bb072b79e858.exe

  • Size

    683KB

  • MD5

    bc8f0bfb94d9a4455282bb072b79e858

  • SHA1

    bb004397b82ba101f65a6aa9e8c7533061c01e2b

  • SHA256

    1fbbaa6cfa20d6e11a3e5e4ba0702f608d474cbf5a86eef891fb57a671c684be

  • SHA512

    60a40427f9011abc97e48dace42c8b0d9f39b1416e0d8dd27bab1110d99248fb8e273bd4218b8427bf6a4525c6d157b021703e43d5c5473d95f26f6e7d5ef1ad

Score
10/10
vidar1008stealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc8f0bfb94d9a4455282bb072b79e858.exe
    "C:\Users\Admin\AppData\Local\Temp\bc8f0bfb94d9a4455282bb072b79e858.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 772
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/300-58-0x0000000000000000-mapping.dmp
    Download
  • memory/300-59-0x00000000004E0000-0x00000000004E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1596-54-0x00000000002C8000-0x0000000000345000-memory.dmp
    Filesize

    500KB

    Download
  • memory/1596-55-0x00000000757B1000-0x00000000757B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1596-57-0x0000000000400000-0x00000000004D9000-memory.dmp
    Filesize

    868KB

    Download
  • memory/1596-56-0x0000000000550000-0x0000000000626000-memory.dmp
    Filesize

    856KB

    Download