Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2023, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    422KB

  • MD5

    9d7d6e8aa69bfbfaa97836e3ad221e10

  • SHA1

    b195022878f73153d31a9ed2d7891c0ef37f21cf

  • SHA256

    5b61d5b183c6015628a4870b5522a1989019c624d2c31838f4c752e2884d98d4

  • SHA512

    c3a51a1aee34b9babab1eb300924f9834c9a438f2f9acb2b997c97c7040fdaf09a24221da9d6b20ccefbad69f6a7712740ca2cb8e5d07fe94da892f1f2065e9d

  • SSDEEP

    6144:h1NvPj5H1z8Mm1Oda3uZv78cc8ecVeGXcFCYzz3fx8OEN5w8ZHoP3Zi50tpxFzW:hLVH1z8MmgdfpvV6xzz3jEN5T23Zi4

Score
10/10
vidar560discoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

2

Botnet

560

C2

https://t.me/tgdatapacks

https://steamcommunity.com/profiles/76561199469677637
Attributes
  • profile_id

    560

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 1992
      2⤵
      • Program crash
      PID:4540
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1352 -ip 1352
    1⤵
      PID:4860

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\mozglue.dll
      Filesize

      133KB

      MD5

      8f73c08a9660691143661bf7332c3c27

      SHA1

      37fa65dd737c50fda710fdbde89e51374d0c204a

      SHA256

      3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd

      SHA512

      0042ecf9b3571bb5eba2de893e8b2371df18f7c5a589f52ee66e4bfbaa15a5b8b7cc6a155792aaa8988528c27196896d5e82e1751c998bacea0d92395f66ad89

      Download Submit

    • C:\ProgramData\nss3.dll
      Filesize

      1.2MB

      MD5

      bfac4e3c5908856ba17d41edcd455a51

      SHA1

      8eec7e888767aa9e4cca8ff246eb2aacb9170428

      SHA256

      e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78

      SHA512

      2565bab776c4d732ffb1f9b415992a4c65b81bcd644a9a1df1333a269e322925fc1df4f76913463296efd7c88ef194c3056de2f1ca1357d7b5fe5ff0da877a66

      Download Submit

    • memory/1352-132-0x00000000005FE000-0x000000000062B000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1352-133-0x00000000021A0000-0x00000000021EC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1352-134-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1352-135-0x0000000050C70000-0x0000000050D02000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1352-156-0x00000000005FE000-0x000000000062B000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1352-157-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1352-158-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download