Overview

overview

10

Static

static

782cebd33e...99.exe

windows7_x64

10

782cebd33e...99.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    162s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    15-02-2022 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe

  • Size

    607KB

  • MD5

    42f0684b2175950eaa2912a87017736d

  • SHA1

    0a6bdbf0add85eecee43c75d5af30a39289fa275

  • SHA256

    782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799

  • SHA512

    3e155363ca7746f4042c49d3bde7c3427d1099ba0e15ad4649ffc542377d4e5113d8616d30b66320bd086cb6ac9fd0a7ac43a98644aec4522765f0e4193ac8b7

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar

Version

48.7

Botnet

937

C2

https://mstdn.social/@anapa

https://mastodon.social/@mniami
Attributes
  • profile_id

    937

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 2 IoCs
    stealer
  • Drops file in Windows directory 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe
    "C:\Users\Admin\AppData\Local\Temp\782cebd33e7cc06a65d9869c356ce9fe15d6456f7e1753442c9c1229652c2799.exe"
    1⤵
      PID:3608
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3616
    • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
      C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:5036

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3608-130-0x0000000002240000-0x00000000022BB000-memory.dmp
      Filesize

      492KB

      Download
    • memory/3608-131-0x00000000022C0000-0x0000000002395000-memory.dmp
      Filesize

      852KB

      Download
    • memory/3608-132-0x0000000000400000-0x00000000004D8000-memory.dmp
      Filesize

      864KB

      Download
    • memory/3616-133-0x0000019415820000-0x0000019415830000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3616-134-0x0000019415880000-0x0000019415890000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3616-135-0x0000019417F50000-0x0000019417F54000-memory.dmp
      Filesize

      16KB

      Download