Overview

overview

10

Static

static

f20d8f923b...37.exe

windows7-x64

10

f20d8f923b...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • submitted
    08-09-2022 12:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f20d8f923ba4065f004bbb79086a8637.exe

  • Size

    608KB

  • MD5

    f20d8f923ba4065f004bbb79086a8637

  • SHA1

    f43809b21b6e4dc9eba2d4681b2d8fc10384edc3

  • SHA256

    3b275eb3041764efa0c25789652714f73013eba1cca9636d1dd201db733e16c1

  • SHA512

    70bc9ea694a32ef7625ddc33b40d0a0c0c7e149886938304052740ac45d1d547fd8d2a08e085103fe6a9a8b7d165f3364a770e92ab0c8b00235e77e56ef84867

  • SSDEEP

    12288:NFG1MZ0KtvusH5nfVwcCU/gb5uGJ5j/irX7fy29C+A30Fo9srKdMEFqW3QjyVInn:y185ndiU/4J/irX7q2MV0kWYyeJni

Score
10/10
vidar1438stealer

Malware Config

Extracted

Family

vidar

Version

54.2

Botnet

1438

C2

https://t.me/tigogames

https://ioc.exchange/@tiagoa26
Attributes
  • profile_id

    1438

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f20d8f923ba4065f004bbb79086a8637.exe
    "C:\Users\Admin\AppData\Local\Temp\f20d8f923ba4065f004bbb79086a8637.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:1940

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1940-54-0x0000000000400000-0x000000000045D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/1940-56-0x0000000000400000-0x000000000045D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/1940-62-0x0000000000422DBD-mapping.dmp
      Download
    • memory/1940-63-0x0000000000400000-0x000000000045D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/1940-64-0x0000000076181000-0x0000000076183000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1940-65-0x0000000000400000-0x000000000045D000-memory.dmp
      Filesize

      372KB

      Download