vidar | eb40ac57537a23f30440ef449be5f59cecce8972d8c2583008197c3a81991266 | Triage

Analysis

max time kernel
120s
max time network
153s
platform
windows7_x64
resource
win7-en-20211208
submitted
11-02-2022 23:25

Sharing

Report Analysis Logs

General

Target

eb40ac57537a23f30440ef449be5f59cecce8972d8c2583008197c3a81991266.exe
Size

644KB
MD5

a6a0781d4edf57fa7349be0354d284e8
SHA1

ea4f657dc0ef642155844cbb35cfb5642b8ae312
SHA256

eb40ac57537a23f30440ef449be5f59cecce8972d8c2583008197c3a81991266
SHA512

720cc3e92dbdd6a454a2ae58e41e45e1e485c82dd1f1d836641ce70f9d62796abf9ff80cedbb58b9172d2e12aa8d9d42442d45b3d3e103312ba325364c0877cf

Score

10^/10

vidar 937 stealer

Malware Config

Extracted

Family

vidar

Version

49

Botnet

937

C2

https://mstdn.social/@sergeev43

https://koyu.space/@sergeev45

Attributes

profile_id
937

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/288-57-0x00000000009B0000-0x0000000000A89000-memory.dmp	family_vidar
behavioral1/memory/288-58-0x0000000000400000-0x00000000004DC000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\eb40ac57537a23f30440ef449be5f59cecce8972d8c2583008197c3a81991266.exe
"C:\Users\Admin\AppData\Local\Temp\eb40ac57537a23f30440ef449be5f59cecce8972d8c2583008197c3a81991266.exe"
1⤵
PID:288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-55-0x0000000076921000-0x0000000076923000-memory.dmp

Filesize
8KB

Download
memory/288-56-0x00000000008F0000-0x000000000096C000-memory.dmp

Filesize
496KB

Download
memory/288-57-0x00000000009B0000-0x0000000000A89000-memory.dmp

Filesize
868KB

Download
memory/288-58-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download