vidar | 448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548

Analysis

max time kernel
252s
max time network
256s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
01-11-2022 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe
Size

2.8MB
MD5

e3dd8fbd44e13131c4d3bcf762a84e15
SHA1

f47798a3afa03c937233a162b5bee151aa699c11
SHA256

448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548
SHA512

90a68f40d359e534e762032d8ee8b9c369db00a24e443e91c580623a1e7b1f5f16e0b17633bca1260ddb865a81a594dec92229b210e6a2d9a81db26a5c2cadad
SSDEEP

49152:YQNnxUgpKR8hU7eC6EftaUAihUzPpHcxQ4Tl3g:YQNnxUgpKR8hUqCbEUAihccxQ4K

Score

10^/10

vidar 1375 stealer

Malware Config

Extracted

Family

vidar

Version

54.4

Botnet

1375

https://t.me/okxtraders

https://social.linux.pizza/@tiagoa36

Attributes

profile_id
1375

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1748 set thread context of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67
PID 1748 wrote to memory of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67
PID 1748 wrote to memory of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67
PID 1748 wrote to memory of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67
PID 1748 wrote to memory of 97740	1748	448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe	67

C:\Users\Admin\AppData\Local\Temp\448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe
"C:\Users\Admin\AppData\Local\Temp\448e375cfdd4afb1ab481850edc83eaefaea17b1ecc6dc9cea7c0cc070014548.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:97740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-120-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-121-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-122-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-123-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-124-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-125-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-126-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-127-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-128-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/97740-134-0x000000000042186D-mapping.dmp

Download
memory/97740-135-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-136-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-137-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-138-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-140-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-141-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-143-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-144-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-145-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-146-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-147-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-148-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-149-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-150-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-151-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-152-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-153-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-154-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-155-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-156-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-157-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-158-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-160-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-161-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-162-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-164-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-165-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/97740-167-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-166-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-163-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-159-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-168-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-169-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-170-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-171-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-172-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-173-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-174-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-175-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-176-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-177-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-178-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-179-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-180-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-181-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-182-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-183-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-184-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-185-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download
memory/97740-186-0x0000000076F50000-0x00000000770DE000-memory.dmp

Filesize
1.6MB

Download