vidar | f700fd436e23d06d5bab9f8063b82bba5ad472cdc8ed5f7cab3bfc4e99f85799 | Triage

Analysis

max time kernel
144s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
23-03-2022 16:22

Sharing

Report Analysis Logs

General

Target

77746978.exe
Size

634KB
MD5

5d131a92e3334e203f1b5fda3c1a14f1
SHA1

ded427c74d607b34994dfec005ed3fd64dee1ee9
SHA256

f700fd436e23d06d5bab9f8063b82bba5ad472cdc8ed5f7cab3bfc4e99f85799
SHA512

1fefed226605a9f84e1ba46dc9184bb060b4757fcdf3f92db91d1e5faff32b41f92d36defeb35192ef26666b65e5f6d8189196d37c9a78aef6bef2aed90744fc

Score

10^/10

vidar 565 stealer

Malware Config

Extracted

Family

vidar

Version

50.2

Botnet

565

C2

https://c.im/@killern3ax

https://qoto.org/@kill4rnix

Attributes

profile_id
565

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/636-131-0x0000000003720000-0x00000000037CC000-memory.dmp	family_vidar
behavioral2/memory/636-132-0x0000000000400000-0x000000000196E000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\77746978.exe
"C:\Users\Admin\AppData\Local\Temp\77746978.exe"
1⤵
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-130-0x0000000001C00000-0x0000000001C6B000-memory.dmp

Filesize
428KB

Download
memory/636-131-0x0000000003720000-0x00000000037CC000-memory.dmp

Filesize
688KB

Download
memory/636-132-0x0000000000400000-0x000000000196E000-memory.dmp

Filesize
21.4MB

Download