Overview

overview

10

Static

static

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Resubmissions

09/01/2023, 00:18

230109-alx6gsfb52 10

Analysis

  • max time kernel
    42s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2023, 00:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    750.4MB

  • MD5

    ecab43985219a0d403a57d68a7f031dc

  • SHA1

    557c2e853da449c241e4ac032d423e738a65057f

  • SHA256

    d1e1e02d213453eefdd80545b6a244e945ac5a6d38d95efa7c927deacfefd098

  • SHA512

    3857d46114db6707d03523ff17d4237b051d40145da2ce9c583d247a9450855e18a1946f52ce5c0519d9de56b7c7680befb916552b080866e08698b4ff44268b

  • SSDEEP

    12288:6XzzpXvdfXLhb4lfeMLRYOYDub54whqnhbam3FeHJK:cp/dfmJeMLRYY+2qnz1eH

Score
10/10
vidar812stealer

Malware Config

Extracted

Family

vidar

Version

1.8

Botnet

812

C2

https://t.me/year2023start

https://steamcommunity.com/profiles/76561199467421923
Attributes
  • profile_id

    812

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:788

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/788-55-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/788-57-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/788-64-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/788-66-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/1664-54-0x0000000076181000-0x0000000076183000-memory.dmp

            Filesize

            8KB

            Download