Overview

overview

10

Static

static

55c13fa59c8517...a5.exe

windows7_x64

10

55c13fa59c8517...a5.exe

windows10-2004_x64

10
General
Target

55c13fa59c8517e58164f51bb3b5cab7a28c88f82ba578df2f73795c9329b7a5.exe

Filesize

721KB

Completed

15-02-2022 13:20

Task

behavioral1

Score
10/10
MD5

09f01e9e875c7a1d76bb0817a07f0cac

SHA1

08760e083a332d50badc6bfc62a49deb5809e83d

SHA256

55c13fa59c8517e58164f51bb3b5cab7a28c88f82ba578df2f73795c9329b7a5

SHA256

4f53696dee4ded4ab71d7e3d4362b13b8508d4a79b2690782edfbd96b59053c2ead2b677bf9214b2ef489a1a3b96abbc9ec11fd447fd6d610b1cc71c5e6fee7f

Malware Config

Extracted

Family

vidar
Version

48.7
Botnet

937
C2

https://mstdn.social/@anapa

https://mastodon.social/@mniami
Attributes
profile_id
937
Signatures 2

Filter: none

  • Vidar

    Description

    Vidar is an infostealer based on Arkei stealer.

    Tags

  • Vidar Stealer

    Tags

    Reported IOCs

    resourceyara_rule
    behavioral1/memory/1684-57-0x00000000002D0000-0x00000000003A5000-memory.dmpfamily_vidar
    behavioral1/memory/1684-58-0x0000000000400000-0x00000000004D8000-memory.dmpfamily_vidar
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\55c13fa59c8517e58164f51bb3b5cab7a28c88f82ba578df2f73795c9329b7a5.exe
    "C:\Users\Admin\AppData\Local\Temp\55c13fa59c8517e58164f51bb3b5cab7a28c88f82ba578df2f73795c9329b7a5.exe"
    PID:1684
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • memory/1684-54-0x0000000002C6B000-0x0000000002CE7000-memory.dmp

                            Download

                          • memory/1684-55-0x0000000075761000-0x0000000075763000-memory.dmp

                            Download

                          • memory/1684-56-0x0000000002C6B000-0x0000000002CE7000-memory.dmp

                            Download

                          • memory/1684-57-0x00000000002D0000-0x00000000003A5000-memory.dmp

                            Download

                          • memory/1684-58-0x0000000000400000-0x00000000004D8000-memory.dmp

                            Download