Overview

overview

10

Static

static

1

Acrobat.exe

windows7-x64

10

Acrobat.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-02-2023 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Acrobat.exe

  • Size

    447KB

  • MD5

    93608ad7c09cff3f973d368fbd13ebef

  • SHA1

    273eb598e1552240adf031024240941e6205489f

  • SHA256

    117a62db2a9b8c5cbe7420192e28ebd17b93a63f8a7b2984dc2d6f9c12383f26

  • SHA512

    892ef93dd5d2524060d20abe71ad053d269069dddc9b53af4b7c436385879433730f7d4b46ad0b5c59df0b913a99305015c9b8259448136a1892ca446fa99aeb

  • SSDEEP

    6144:Ba+WLREtbN8M06OV9/bkXJUoTfck0wVYbIY/pIL13oN0NDgQnR6FFwAYpn8FCdy9:BaLNwTTX3Hqkopa13U0NDgmR6bzFsH8T

Score
10/10
vidar408stealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes
  • profile_id

    408

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Acrobat.exe
    "C:\Users\Admin\AppData\Local\Temp\Acrobat.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:1440
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 1524
          3⤵
          • Program crash
          PID:1452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 1440 -ip 1440
      1⤵
        PID:1476

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1440-132-0x0000000000000000-mapping.dmp
        Download
      • memory/1440-133-0x0000000000400000-0x0000000000472000-memory.dmp
        Filesize

        456KB

        Download
      • memory/1440-139-0x0000000000400000-0x0000000000472000-memory.dmp
        Filesize

        456KB

        Download