Overview

overview

10

Static

static

dbc0302e93...41.exe

windows7_x64

10

dbc0302e93...41.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    15-02-2022 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbc0302e93bc96ba1b4f31b89bedd6296c2357031e4f7cab2cf92a7dbbea2c41.exe

  • Size

    716KB

  • MD5

    63f4b6eaa164b32ecca0e2aafa789cec

  • SHA1

    35e6ac15b1a7f15b3d105f3796dcb54c67170abb

  • SHA256

    dbc0302e93bc96ba1b4f31b89bedd6296c2357031e4f7cab2cf92a7dbbea2c41

  • SHA512

    28947763a80114af308ee51726b1072777260fd9766be0a2c6be8a7d1c78c29b5496e59a790ab897c9d6b13731b17bb5f6faebba546a538a96e319c87aa29fee

Score
10/10
vidar932stealer

Malware Config

Extracted

Family

vidar

Version

48.1

Botnet

932

C2

https://koyu.space/@rspich

Attributes
  • profile_id

    932

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbc0302e93bc96ba1b4f31b89bedd6296c2357031e4f7cab2cf92a7dbbea2c41.exe
    "C:\Users\Admin\AppData\Local\Temp\dbc0302e93bc96ba1b4f31b89bedd6296c2357031e4f7cab2cf92a7dbbea2c41.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 1268
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1300-59-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1748-54-0x0000000002CED000-0x0000000002D69000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1748-55-0x0000000075761000-0x0000000075763000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1748-56-0x0000000002CED000-0x0000000002D69000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1748-57-0x0000000002BB0000-0x0000000002C85000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1748-58-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download