Behavioral Report

max time kernel149s
max time network167s
platformwindows7_x64
resourcewin7-en-20211208
submitted12-02-2022 10:53

Report
Files
Registry
Network
Processes
Mutex
Misc

Target

1ddaf1428fbb50f5ca15d0bd22c778c3589161d51a77791f0aa645a8dd9e9191.exe

Filesize

734KB

Completed

12-02-2022 11:13

Task

behavioral1

Score

10^/10

MD5

3f5c3438e86329ed834cf51c85606c4d

SHA1

10d9c1ce923238976037299149eceb06c31e90c4

SHA256

1ddaf1428fbb50f5ca15d0bd22c778c3589161d51a77791f0aa645a8dd9e9191

SHA256

72d0aaa941f46b8fc7ea8f8e75f70b4e41af7079dc13053600a0937ca695d59a9a7276df9f3080f9605456312fd485a869aad37692441628102a2899a2c8ebab

vidar 937 stealer

Extracted

Family	vidar
Version	49.1
Botnet	937
C2	https://noc.social/@sergeev46 https://c.im/@sergeev47 https://noc.social/@sergeev46 https://c.im/@sergeev47
Attributes	profile_id 937

Vidar

Description

Vidar is an infostealer based on Arkei stealer.

Tags

stealer vidar

Vidar Stealer

Reported IOCs

resource	yara_rule
behavioral1/memory/832-58-0x0000000000540000-0x0000000000619000-memory.dmp	family_vidar
behavioral1/memory/832-59-0x0000000000400000-0x00000000004DD000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\1ddaf1428fbb50f5ca15d0bd22c778c3589161d51a77791f0aa645a8dd9e9191.exe

"C:\Users\Admin\AppData\Local\Temp\1ddaf1428fbb50f5ca15d0bd22c778c3589161d51a77791f0aa645a8dd9e9191.exe"

PID:832

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

00:00 00:00

memory/832-55-0x00000000006AB000-0x0000000000728000-memory.dmp

Download
memory/832-56-0x00000000763F1000-0x00000000763F3000-memory.dmp

Download
memory/832-57-0x00000000006AB000-0x0000000000728000-memory.dmp

Download
memory/832-58-0x0000000000540000-0x0000000000619000-memory.dmp

Download
memory/832-59-0x0000000000400000-0x00000000004DD000-memory.dmp

Download

Extracted

Filter: none

Description

Tags

Tags

Reported IOCs

Title