Analysis
max time kernel: 4294199s
max time network: 147s
platform: windows7_x64
resource: win7-20220310-en
submitted: 23-03-2022 16:22
Static task: static1
Behavioral task: behavioral1
Sample: 77746978.exe
Resource: win7-20220310-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: 77746978.exe
Size: 634KB
MD5: 5d131a92e3334e203f1b5fda3c1a14f1
SHA1: ded427c74d607b34994dfec005ed3fd64dee1ee9
SHA256: f700fd436e23d06d5bab9f8063b82bba5ad472cdc8ed5f7cab3bfc4e99f85799
SHA512: 1fefed226605a9f84e1ba46dc9184bb060b4757fcdf3f92db91d1e5faff32b41f92d36defeb35192ef26666b65e5f6d8189196d37c9a78aef6bef2aed90744fc
Malware Config
Extracted
Family: vidar
Version: 50.2
Botnet: 565
C2:
  https://c.im/@killern3ax
  https://qoto.org/@kill4rnix
Attributes
profile_id: 565
Signatures
Vidar Stealer (2 IoCs)
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/1096-56-0x0000000003210000-0x00000000032BC000-memory.dmp  family_vidar
  behavioral1/memory/1096-57-0x0000000000400000-0x000000000196E000-memory.dmp  family_vidar
Processes
Network
MITRE ATT&CK Matrix
Downloads
  memory/1096-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp  Filesize: 8KB
  memory/1096-55-0x00000000002B0000-0x000000000031B000-memory.dmp  Filesize: 428KB
  memory/1096-56-0x0000000003210000-0x00000000032BC000-memory.dmp  Filesize: 688KB
  memory/1096-57-0x0000000000400000-0x000000000196E000-memory.dmp  Filesize: 21.4MB