Overview

overview

10

Static

static

4f385cf218...f5.exe

windows7-x64

10

4f385cf218...f5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2022 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

  • Size

    1.9MB

  • MD5

    d74e3e939a60460a2e38221e8c5ef2e8

  • SHA1

    209f6907cc17b1485605243fd521ee6a6fe4ffcb

  • SHA256

    4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5

  • SHA512

    bd3dd0595ce57f2430f370d4d642aa74c4bef482db8180dc31e74a3b2501ef3686ca638831e5bb8ad5f56e2dc620a7029aba7f607f2021286e41654ac60eac61

Score
10/10
vidar1148stealer

Malware Config

Extracted

Family

vidar

Version

50.1

Botnet

1148

C2

https://mastodon.online/@k1llerniax

https://koyu.space/@k1llerni2x
Attributes
  • profile_id

    1148

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 8 IoCs
    stealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
    "C:\Users\Admin\AppData\Local\Temp\4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3000-130-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-131-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-132-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-133-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-135-0x0000000002440000-0x000000000248C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/3000-134-0x0000000075470000-0x0000000075685000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/3000-136-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-137-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-139-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-138-0x0000000076200000-0x0000000076481000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/3000-140-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-141-0x0000000075960000-0x0000000075A43000-memory.dmp
    Filesize

    908KB

    Download
  • memory/3000-142-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3000-143-0x0000000002440000-0x000000000248C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/3000-144-0x00000000004E0000-0x00000000006AD000-memory.dmp
    Filesize

    1.8MB

    Download