Analysis

  • max time kernel
    38s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2023, 16:23

General

  • Target

    file.exe

  • Size

    422KB

  • MD5

    9d7d6e8aa69bfbfaa97836e3ad221e10

  • SHA1

    b195022878f73153d31a9ed2d7891c0ef37f21cf

  • SHA256

    5b61d5b183c6015628a4870b5522a1989019c624d2c31838f4c752e2884d98d4

  • SHA512

    c3a51a1aee34b9babab1eb300924f9834c9a438f2f9acb2b997c97c7040fdaf09a24221da9d6b20ccefbad69f6a7712740ca2cb8e5d07fe94da892f1f2065e9d

  • SSDEEP

    6144:h1NvPj5H1z8Mm1Oda3uZv78cc8ecVeGXcFCYzz3fx8OEN5w8ZHoP3Zi50tpxFzW:hLVH1z8MmgdfpvV6xzz3jEN5T23Zi4

Score
10/10

Malware Config

Extracted

Family

vidar

Version

2

Botnet

560

C2

https://t.me/tgdatapacks

https://steamcommunity.com/profiles/76561199469677637

Attributes
  • profile_id

    560

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
      PID:2000

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2000-56-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

    • memory/2000-55-0x00000000002A0000-0x00000000002EC000-memory.dmp

      Filesize

      304KB

    • memory/2000-54-0x00000000004FD000-0x000000000052A000-memory.dmp

      Filesize

      180KB