vidar | 6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321

Analysis

max time kernel
41s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-02-2023 11:51

Target

6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe
Size

1.1MB
MD5

749d19c5b63ba2f68382316133b3bce9
SHA1

5b6073743e6dc49516452c6acd0a2a529fc865eb
SHA256

6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321
SHA512

155ae150d41ecdb97d99b66b9e1c9baed920095008c5ef23617edf2ba2b59b8663c449733f5166bb16c6b6be6fee20cce46971ad8eec8c3b5c3523b46e18e82e
SSDEEP

12288:+SqfVrWp0vjTTBS/ZchhSIFShxk+MkblmQGEOUIiC1LX9A9iJ8e3AhmL9N7Q9Bgm:zpuXBgZchhcRbvOUItL9NueIeuLP3

Score

10^/10

vidar 15 stealer

Family

vidar

Version

2.2

Botnet

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1584 set thread context of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28
PID 1584 wrote to memory of 268	1584	6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe	28

C:\Users\Admin\AppData\Local\Temp\6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe
"C:\Users\Admin\AppData\Local\Temp\6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Users\Admin\AppData\Local\Temp\6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe
  "C:\Users\Admin\AppData\Local\Temp\6850b7d056a9bffa791dd47dc0f8251fc5cc72fd0d90eb7b3ffe5bbaf5cf9321.exe"
  2⤵
  PID:268

memory/268-70-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-66-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-74-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-73-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-62-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-71-0x000000000042D63C-mapping.dmp

Download
memory/268-68-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-61-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/268-64-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1584-58-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/1584-60-0x0000000002290000-0x00000000022EC000-memory.dmp

Filesize
368KB

Download
memory/1584-55-0x0000000075491000-0x0000000075493000-memory.dmp

Filesize
8KB

Download
memory/1584-54-0x0000000000270000-0x0000000000384000-memory.dmp

Filesize
1.1MB

Download
memory/1584-59-0x0000000005920000-0x00000000059B4000-memory.dmp

Filesize
592KB

Download
memory/1584-57-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/1584-56-0x0000000005000000-0x00000000050C6000-memory.dmp

Filesize
792KB

Download