Analysis
-
max time kernel
142s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
24-07-2022 23:22
General
-
Target
575567a58c70a1b17fce84ae2c8a8dd52d348789c3e96934caf06d9d2764cc68.exe
-
Size
764KB
-
MD5
b21d897ea72d018d7e6542ece5e9eef1
-
SHA1
37114b76fc709c25fe8335bf6758c414e75b1872
-
SHA256
575567a58c70a1b17fce84ae2c8a8dd52d348789c3e96934caf06d9d2764cc68
-
SHA512
26a0733033975b2501861ba5d10d6e54e406967e9a42b95491bc8b7522e322b339b3014278d9389e387797089fa363b7fbfdf5fe6e35c84d0e0dc1afdb749579
Score
10/10
Malware Config
Extracted
Family
vidar
Version
41.4
Botnet
937
C2
https://mas.to/@sslam
Attributes
-
profile_id
937
Signatures
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer 4 IoCs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\575567a58c70a1b17fce84ae2c8a8dd52d348789c3e96934caf06d9d2764cc68.exe"C:\Users\Admin\AppData\Local\Temp\575567a58c70a1b17fce84ae2c8a8dd52d348789c3e96934caf06d9d2764cc68.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 13162⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4344 -ip 43441⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4344-130-0x00000000009A8000-0x0000000000A24000-memory.dmpFilesize
496KB
-
memory/4344-131-0x0000000002490000-0x0000000002566000-memory.dmpFilesize
856KB
-
memory/4344-132-0x0000000000400000-0x00000000007F0000-memory.dmpFilesize
3.9MB
-
memory/4344-133-0x00000000009A8000-0x0000000000A24000-memory.dmpFilesize
496KB
-
memory/4344-134-0x0000000002490000-0x0000000002566000-memory.dmpFilesize
856KB
-
memory/4344-135-0x0000000000400000-0x00000000007F0000-memory.dmpFilesize
3.9MB