Overview

overview

10

Static

static

build2.exe

windows7_x64

10

build2.exe

windows10-2004_x64

10

Resubmissions

17-06-2022 20:38

220617-zevjfsfgf6 10

19-04-2022 05:58

220419-gn6c7sbef7 10

Analysis

  • max time kernel
    132s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-06-2022 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build2.exe

  • Size

    603KB

  • MD5

    a13e3b18282318c65f096bad322b3c50

  • SHA1

    2c76179e95e583b588bcd516e94e7a2da52d5299

  • SHA256

    ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768

  • SHA512

    acb009f4b622ab7e8729dac2c45da975ba2305612c9575e5c8ce221edecf2d49da2236fc28b00d8f424a251765b935d8acce7bf40a1557d9fc79ba446250e786

Score
10/10
vidar517stealer

Malware Config

Extracted

Family

vidar

Version

51.4

Botnet

517

C2

https://t.me/hi20220403

https://mastodon.social/@sam5al
Attributes
  • profile_id

    517

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 6 IoCs
    stealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\build2.exe
    "C:\Users\Admin\AppData\Local\Temp\build2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4068
    • C:\Users\Admin\AppData\Local\Temp\build2.exe
      "C:\Users\Admin\AppData\Local\Temp\build2.exe"
      2⤵
        PID:4360

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4068-133-0x00000000004ED000-0x0000000000555000-memory.dmp

      Filesize

      416KB

      Download

    • memory/4068-134-0x00000000021F0000-0x0000000002298000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4068-138-0x00000000004ED000-0x0000000000555000-memory.dmp

      Filesize

      416KB

      Download

    • memory/4360-135-0x0000000000000000-mapping.dmp

      Download

    • memory/4360-136-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4360-137-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4360-139-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4360-140-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/4360-141-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

      Download