Overview

overview

10

Static

static

4fc7a5ef8c...1a.exe

windows7-x64

10

4fc7a5ef8c...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    71s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220718-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220718-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2022 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4fc7a5ef8cadf53201bb797b48b42f16dac02bdec55c732bed6760ceb695641a.exe

  • Size

    728KB

  • MD5

    1d4467ffb1931c08ad2ccb25f495113b

  • SHA1

    efd91244076812e16e0b122dfd82901db8e85ca8

  • SHA256

    4fc7a5ef8cadf53201bb797b48b42f16dac02bdec55c732bed6760ceb695641a

  • SHA512

    986f43cea97a2bd9e415b88808503994bd2791cb6ff75871a1b3820e0a09d3c4c0bb7b56e6770eb124c6740a5de07c970695fe22e5d86069d125ad166285a1b9

Score
10/10
vidar936stealer

Malware Config

Extracted

Family

vidar

Version

41.4

Botnet

936

C2

https://mas.to/@sslam

Attributes
  • profile_id

    936

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fc7a5ef8cadf53201bb797b48b42f16dac02bdec55c732bed6760ceb695641a.exe
    "C:\Users\Admin\AppData\Local\Temp\4fc7a5ef8cadf53201bb797b48b42f16dac02bdec55c732bed6760ceb695641a.exe"
    1⤵
      PID:3504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1032
        2⤵
        • Program crash
        PID:2668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3504 -ip 3504
      1⤵
        PID:4948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3504-130-0x00000000019ED000-0x0000000001A69000-memory.dmp
        Filesize

        496KB

        Download
      • memory/3504-131-0x0000000003470000-0x0000000003546000-memory.dmp
        Filesize

        856KB

        Download
      • memory/3504-132-0x0000000000400000-0x0000000001729000-memory.dmp
        Filesize

        19.2MB

        Download
      • memory/3504-133-0x00000000019ED000-0x0000000001A69000-memory.dmp
        Filesize

        496KB

        Download
      • memory/3504-134-0x00000000019ED000-0x0000000001A69000-memory.dmp
        Filesize

        496KB

        Download
      • memory/3504-135-0x0000000003470000-0x0000000003546000-memory.dmp
        Filesize

        856KB

        Download
      • memory/3504-136-0x0000000000400000-0x0000000001729000-memory.dmp
        Filesize

        19.2MB

        Download