Overview

overview

10

Static

static

Os_Editorx...11.exe

windows7-x64

10

Os_Editorx...11.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01-02-2023 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Os_Editorx64_win7-8-10-11.exe

  • Size

    319.0MB

  • MD5

    cfc67715228aeff0bb92357d11bc3ce7

  • SHA1

    f8b664c669dcf720a33630462c6eaad31c415fd4

  • SHA256

    48a2f6dab127b5f79ca8293a19f14ffafabd0491e4a570b94b8a52807af5bcb2

  • SHA512

    cc21566a400002c6746c4519bae1a54def69bfbbf290bacee783b8c28687ba09973bd5c0063694b02df152a392b6273d243760397796a74b6ce33c8b4593f796

  • SSDEEP

    49152:QHuWBLVl5J4EUknv4QjU/5f5gB0dDKoXQo5xbhsJ8klAKjJWWnwn87fHhTjUNjHZ:QOUggv4QjsLzVKop85doKS87K5

Score
10/10
purecryptervidar837downloaderloaderstealer

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

837

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815
Attributes
  • profile_id

    837

Signatures

  • Detect PureCrypter injector 1 IoCs
    loader
  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Os_Editorx64_win7-8-10-11.exe
    "C:\Users\Admin\AppData\Local\Temp\Os_Editorx64_win7-8-10-11.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\Os_Editorx64_win7-8-10-11.exe
      C:\Users\Admin\AppData\Local\Temp\Os_Editorx64_win7-8-10-11.exe
      2⤵
        PID:908

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/908-68-0x000000000042D1BC-mapping.dmp
      Download
    • memory/908-58-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-59-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-61-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-63-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-65-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-67-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-70-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/908-71-0x0000000000400000-0x000000000046A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/2012-55-0x0000000075441000-0x0000000075443000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2012-56-0x0000000004D80000-0x0000000005006000-memory.dmp
      Filesize

      2.5MB

      Download
    • memory/2012-57-0x0000000005220000-0x000000000528A000-memory.dmp
      Filesize

      424KB

      Download
    • memory/2012-54-0x0000000000A90000-0x0000000000D30000-memory.dmp
      Filesize

      2.6MB

      Download