Overview

overview

10

Static

static

e4529389a7...b1.exe

windows7-x64

10

e4529389a7...b1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    174s
  • max time network
    228s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2022 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1.exe

  • Size

    296KB

  • MD5

    a2e1443efcc1458c18a04baa94a78511

  • SHA1

    e27c11ac5a6f96560df8df7fd444ab1557d7bbd6

  • SHA256

    e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1

  • SHA512

    aba5aeaf1bda31e40ef78cd2f4154739c8e7def494e5f4ca5c115d0953149cd4b20cd8672cabb00c756b6288a1165b60c72dca391f5c6134afc5ee53ce4360ab

  • SSDEEP

    6144:dMWAOA+Xg8kN7ws7b3A03ZyG2epQdYQJI+McpO:dM9+QTwOZyVepQdORK

Score
10/10
vidar14stealer

Malware Config

Extracted

Family

vidar

Version

1.3

Botnet

14

C2

https://t.me/samuelljax

https://steamcommunity.com/profiles/76561199439725733
Attributes
  • profile_id

    14

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1.exe
    "C:\Users\Admin\AppData\Local\Temp\e4529389a7894145aba4211365e6ed6c23e1ce582109cc9cb8b1272ada1b54b1.exe"
    1⤵
      PID:1460

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1460-132-0x000000000063D000-0x000000000066A000-memory.dmp
      Filesize

      180KB

      Download
    • memory/1460-134-0x0000000000400000-0x0000000000480000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1460-133-0x00000000005D0000-0x000000000061A000-memory.dmp
      Filesize

      296KB

      Download
    • memory/1460-135-0x000000000063D000-0x000000000066A000-memory.dmp
      Filesize

      180KB

      Download
    • memory/1460-136-0x0000000000400000-0x0000000000480000-memory.dmp
      Filesize

      512KB

      Download