vidar | bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403

Resubmissions

22-04-2022 11:52

19-04-2022 14:05

Target

bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403.exe
Size

635KB
MD5

ebfb5ded5dc595e22ee02b08597b93eb
SHA1

8c33736b8b3dc750027ef49b1059d5d3a231182a
SHA256

bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403
SHA512

e74d3f71ece40008cdcb7bcdfc6547ca406e4fb3fd3048177648d0ae906ad11223412963ee6b2b3ebe70a14006bc4ddb9d387b129a4f27fd34c4e8a9f5afdead

Score

10^/10

vidar 977 stealer

Family

vidar

Version

51.7

Botnet

977

https://t.me/hi20220412

https://noc.social/@samal6

Attributes

Vidar Stealer 2 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/1580-57-0x00000000004D0000-0x000000000057F000-memory.dmp	family_vidar
behavioral1/memory/1580-58-0x0000000000400000-0x00000000004C7000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403.exe
"C:\Users\Admin\AppData\Local\Temp\bc4d1e8e09905b7dd1d4b14ae7ba3b100e1baa7aeb567e225107d4439da03403.exe"
1⤵
PID:1580

memory/1580-54-0x0000000000628000-0x0000000000695000-memory.dmp

Filesize
436KB

Download
memory/1580-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1580-56-0x0000000000628000-0x0000000000695000-memory.dmp

Filesize
436KB

Download
memory/1580-57-0x00000000004D0000-0x000000000057F000-memory.dmp

Filesize
700KB

Download
memory/1580-58-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download