vidar | 740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-12-2022 23:51

Target

3b6782cde711c6e73e09611c5041060e.exe
Size

407KB
MD5

3b6782cde711c6e73e09611c5041060e
SHA1

412d9f6e64ebee4287eccff782f04943e5381d4f
SHA256

740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
SHA512

d7883a046d9b153094f9f3e5970b78a9084de8472d219a325006a7652cdf5427641a0c10beef4aceaa4ad9d92ea1a2ccf8104588e51760200e7e85be37524c4e
SSDEEP

6144:ZLy8zb4fAgGKnhd7CA6TzHFdKFAf2iwLR2TP0dainGyIxZ1WqqdS09h:Z+d494r7TabQEORMPMRnGdYX

Score

10^/10

vidar 19 stealer

Family

vidar

Version

1.7

Botnet

https://t.me/robloxblackl

https://steamcommunity.com/profiles/76561199458928097

Attributes

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Suspicious use of SetThreadContext 1 IoCs

Processes:

3b6782cde711c6e73e09611c5041060e.exe

description pid process target process

PID 2040 set thread context of 1192 2040 3b6782cde711c6e73e09611c5041060e.exe 3b6782cde711c6e73e09611c5041060e.exe

description	pid	process	target process
PID 2040 set thread context of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

3b6782cde711c6e73e09611c5041060e.exe

description	pid	process	target process
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe
PID 2040 wrote to memory of 1192	2040	3b6782cde711c6e73e09611c5041060e.exe	3b6782cde711c6e73e09611c5041060e.exe

C:\Users\Admin\AppData\Local\Temp\3b6782cde711c6e73e09611c5041060e.exe
"C:\Users\Admin\AppData\Local\Temp\3b6782cde711c6e73e09611c5041060e.exe"
2⤵
PID:1192

memory/1192-55-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1192-56-0x00000000004219EC-mapping.dmp

Download
memory/1192-59-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1192-61-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2040-54-0x0000000000508000-0x0000000000536000-memory.dmp

Filesize
184KB

Download
memory/2040-58-0x0000000000508000-0x0000000000536000-memory.dmp

Filesize
184KB

Download
memory/2040-60-0x0000000000310000-0x000000000035C000-memory.dmp

Filesize
304KB

Download