Overview

overview

10

Static

static

9ce7a85ba3...d1.exe

windows7_x64

10

9ce7a85ba3...d1.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    13-10-2021 17:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ce7a85ba3d9b83cfe600c41859b1bd1.exe

  • Size

    744KB

  • MD5

    9ce7a85ba3d9b83cfe600c41859b1bd1

  • SHA1

    bd1be91996a50af60298dbdb424f608e4f80a8d7

  • SHA256

    d9b6823ca8e13b78c269c5d21e948dbab625ea87d3370d163eeabeb3822aef56

  • SHA512

    7aad0065d6f748fe63777dcc1fa541d049aa55434eef5b67f0ec1110b63960bb3ee43ea16d6d03aecda4ac3ae794d623a7ac22802edfe61765695fd0e268816a

Score
10/10
vidar1008stealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ce7a85ba3d9b83cfe600c41859b1bd1.exe
    "C:\Users\Admin\AppData\Local\Temp\9ce7a85ba3d9b83cfe600c41859b1bd1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 860
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1544-53-0x000000000030B000-0x0000000000388000-memory.dmp
    Filesize

    500KB

    Download
  • memory/1544-54-0x0000000074B91000-0x0000000074B93000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1544-56-0x0000000000400000-0x000000000172D000-memory.dmp
    Filesize

    19.2MB

    Download
  • memory/1544-55-0x0000000002F90000-0x0000000003066000-memory.dmp
    Filesize

    856KB

    Download
  • memory/1692-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1692-58-0x00000000003C0000-0x00000000003C1000-memory.dmp
    Filesize

    4KB

    Download