Overview

overview

10

Static

static

sotema_3.txt.exe

windows7-x64

10

sotema_3.txt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2023 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sotema_3.txt.exe

  • Size

    687KB

  • MD5

    74369e15aa4278df3fb48af38ff0f6c7

  • SHA1

    bdd32c7da01a1d153481e151118cfd3e7f26fe04

  • SHA256

    8b5a4e40ae69a6a40919083275f37fc759ab609f0aa9d2269135c34a3fe3f053

  • SHA512

    1485b07182734464038e25949c4cde7da3d96e037f05efda0e68b4f5b595762713dc6cf11e9868969963f44867116225419d2db2c2993f7f1febc7fca6ddb6b8

  • SSDEEP

    12288:33pNnMRrdyclGQimr1DfUYZh6SIm79ybWpncLshlN+tQazCbRwIg1CmkT9:7nMNdy01w8hDEWpcLshlCzKiIgU9

Score
10/10
vidar706stealer

Malware Config

Extracted

Family

vidar

Version

39.4

Botnet

706

C2

https://sergeevih43.tumblr.com/

Attributes
  • profile_id

    706

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 3 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sotema_3.txt.exe
    "C:\Users\Admin\AppData\Local\Temp\sotema_3.txt.exe"
    1⤵
      PID:432
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1848
        2⤵
        • Program crash
        PID:4200
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 432 -ip 432
      1⤵
        PID:4116

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/432-132-0x0000000000C78000-0x0000000000CDC000-memory.dmp
        Filesize

        400KB

        Download
      • memory/432-133-0x0000000002700000-0x000000000279D000-memory.dmp
        Filesize

        628KB

        Download
      • memory/432-134-0x0000000000400000-0x000000000094A000-memory.dmp
        Filesize

        5.3MB

        Download
      • memory/432-135-0x0000000000C78000-0x0000000000CDC000-memory.dmp
        Filesize

        400KB

        Download
      • memory/432-136-0x0000000000400000-0x000000000094A000-memory.dmp
        Filesize

        5.3MB

        Download