Analysis
max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
03-03-2022 19:32
Static task
static1
Behavioral task
behavioral1
Sample
Niepotwierdzony 65995.exe
Resource
win7-20220223-en
windows7_x64
0 signatures
0 seconds
General
Target
Niepotwierdzony 65995.exe
Size
734KB
MD5
c7097d122fba46de9e13571342a53307
SHA1
b09df82eb86ae192d1c01e72719aeb0b1b32fb3f
SHA256
00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746
SHA512
7ae40df7313275f72467333a43f3b8e2ba79f96135bf1332920ec997fb6feceedc6f98353180b09b72f698832f03af96a6f32f85b5b70d43ef49d119404a5e1b
Malware Config
Extracted
Family
vidar
Version
49.7
Botnet
1031
C2
https://mastodon.online/@prophef1
https://koyu.space/@prophef2
Attributes
profile_id
1031
Signatures
Vidar Stealer 2 IoCs
Processes:
resource | yara_rule
behavioral2/memory/3268-131-0x0000000000AE0000-0x0000000000BB8000-memory.dmp | family_vidar
behavioral2/memory/3268-132-0x0000000000400000-0x00000000004DC000-memory.dmp | family_vidar