Overview

overview

10

Static

static

ba1db6e862...e0.exe

windows7_x64

10

ba1db6e862...e0.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    14-10-2021 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba1db6e8623f5d616b06bc749b21b6e0.exe

  • Size

    742KB

  • MD5

    ba1db6e8623f5d616b06bc749b21b6e0

  • SHA1

    784b43d378764435fb0b334662d2be8ef71dac07

  • SHA256

    611796a36903059a2d1725d7849a375b9aa2902254c0d5f5fa2122e83570ea3a

  • SHA512

    9fff1d772d9799e833020aa2063e7652795bb077f50b3d18ae49fb1a0c88a800d500f38bb72161dba9a9918ec90757868fd2715cd6e318607ad7efc58d0f8dd9

Score
10/10
vidar1008stealer

Malware Config

Extracted

Family

vidar

Version

41.3

Botnet

1008

C2

https://mas.to/@oleg98

Attributes
  • profile_id

    1008

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba1db6e8623f5d616b06bc749b21b6e0.exe
    "C:\Users\Admin\AppData\Local\Temp\ba1db6e8623f5d616b06bc749b21b6e0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 868
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-54-0x000000000180B000-0x0000000001887000-memory.dmp
    Filesize

    496KB

    Download
  • memory/1092-55-0x0000000074B41000-0x0000000074B43000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1092-56-0x00000000002F0000-0x00000000003C6000-memory.dmp
    Filesize

    856KB

    Download
  • memory/1092-57-0x0000000000400000-0x000000000172D000-memory.dmp
    Filesize

    19.2MB

    Download
  • memory/1492-58-0x0000000000000000-mapping.dmp
    Download
  • memory/1492-59-0x0000000000620000-0x0000000000621000-memory.dmp
    Filesize

    4KB

    Download