vidar | 00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746 | Triage

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
03-03-2022 19:32

Sharing

Report Analysis Logs

General

Target

Niepotwierdzony 65995.exe
Size

734KB
MD5

c7097d122fba46de9e13571342a53307
SHA1

b09df82eb86ae192d1c01e72719aeb0b1b32fb3f
SHA256

00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746
SHA512

7ae40df7313275f72467333a43f3b8e2ba79f96135bf1332920ec997fb6feceedc6f98353180b09b72f698832f03af96a6f32f85b5b70d43ef49d119404a5e1b

Score

10^/10

vidar 1031 stealer

Malware Config

Extracted

Family

vidar

Version

49.7

Botnet

1031

C2

https://mastodon.online/@prophef1

https://koyu.space/@prophef2

Attributes

profile_id
1031

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3268-131-0x0000000000AE0000-0x0000000000BB8000-memory.dmp	family_vidar
behavioral2/memory/3268-132-0x0000000000400000-0x00000000004DC000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\Niepotwierdzony 65995.exe
"C:\Users\Admin\AppData\Local\Temp\Niepotwierdzony 65995.exe"
1⤵
PID:3268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3268-130-0x00000000005F0000-0x000000000066D000-memory.dmp

Filesize
500KB

Download
memory/3268-131-0x0000000000AE0000-0x0000000000BB8000-memory.dmp

Filesize
864KB

Download
memory/3268-132-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download