vidar | 782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799 | Triage

Analysis

max time kernel
148s
max time network
186s
platform
windows7_x64
resource
win7-en-20211208
submitted
15-02-2022 12:09

Sharing

Report Analysis Logs

General

Target

782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe
Size

607KB
MD5

42f0684b2175950eaa2912a87017736d
SHA1

0a6bdbf0add85eecee43c75d5af30a39289fa275
SHA256

782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799
SHA512

3e155363ca7746f4042c49d3bde7c3427d1099ba0e15ad4649ffc542377d4e5113d8616d30b66320bd086cb6ac9fd0a7ac43a98644aec4522765f0e4193ac8b7

Score

10^/10

vidar 937 stealer

Malware Config

Extracted

Family

vidar

Version

48.7

Botnet

937

C2

https://mstdn.social/@anapa

https://mastodon.social/@mniami

Attributes

profile_id
937

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1564-56-0x0000000001D10000-0x0000000001DE5000-memory.dmp	family_vidar
behavioral1/memory/1564-57-0x0000000000400000-0x00000000004D8000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe
"C:\Users\Admin\AppData\Local\Temp\782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe"
1⤵
PID:1564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1564-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1564-55-0x0000000000260000-0x00000000002DB000-memory.dmp

Filesize
492KB

Download
memory/1564-56-0x0000000001D10000-0x0000000001DE5000-memory.dmp

Filesize
852KB

Download
memory/1564-57-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download