Analysis

  • max time kernel
    136s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    01-12-2021 07:59

General

  • Target

    #Encoder_n2.bin.exe

  • Size

    722KB

  • MD5

    bc8eaaafd8feb26a72f74dcdb99c7865

  • SHA1

    818aa87338d4df601db15f976b70b016e2e23d06

  • SHA256

    9d4f3c4a7bce15559a9501b2c7d2ecf8f005a1b325dd407dff8054ed0e3e9b17

  • SHA512

    c49c05d3663529b949863cb714d3cbfe7869551e4a6b57dc5281c7ba569fe1c90481a135fb689edf8bd7121b48fd78eb9efe2a0d8960023d161ec0f47f5bfcad

Score
10/10

Malware Config

Extracted

Family

vidar

Version

48.7

Botnet

517

C2

https://mstdn.social/@anapa

https://mastodon.social/@mniami

Attributes
  • profile_id

    517

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\#Encoder_n2.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\#Encoder_n2.bin.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Users\Admin\AppData\Local\Temp\#Encoder_n2.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\#Encoder_n2.bin.exe"
      2⤵
      PID:800


Downloads

  • memory/800-57-0x00000000004A140D-mapping.dmp

  • memory/800-59-0x00000000764D1000-0x00000000764D3000-memory.dmp
    Filesize
    8KB

  • memory/800-56-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize
    864KB

  • memory/800-60-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize
    864KB

  • memory/1692-55-0x000000000300B000-0x0000000003087000-memory.dmp
    Filesize
    496KB

  • memory/1692-58-0x0000000002E10000-0x0000000002EE5000-memory.dmp
    Filesize
    852KB