Overview

overview

10

Static

static

1

AdobeIllus...23.exe

windows7-x64

10

AdobeIllus...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-02-2023 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AdobeIllustrator2023.exe

  • Size

    761.7MB

  • MD5

    127504100dc5cc5d31567b432545a094

  • SHA1

    c5de6d70709521b64d2bfdc02ea3283d75ae35d2

  • SHA256

    57fa5d7d958b31479f78214a37ee220bf4bd0cc6a784c653d9b9665d17815612

  • SHA512

    371751fd419b40603d5f4d6f4767933a59f428891c0e62a315ab5881883b3ba555b26246b8015b0fe5010e943b7ab0324d12e4cf8056a7e35646fecc5507e414

  • SSDEEP

    12288:8mkPutHPPqXfiFYANYgsmybPf9sFK7Gsf6FAxBoBD4:PkPuFPPqXfirNYgsmybSw7Gsywf

Score
10/10
vidar408stealer

Malware Config

Extracted

Family

vidar

Version

2.5

Botnet

408

Attributes
  • profile_id

    408

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AdobeIllustrator2023.exe
    "C:\Users\Admin\AppData\Local\Temp\AdobeIllustrator2023.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4072
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:816
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 1740
          3⤵
          • Program crash
          PID:384
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 816 -ip 816
      1⤵
        PID:2340

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/816-132-0x0000000000000000-mapping.dmp
        Download
      • memory/816-133-0x0000000000400000-0x0000000000472000-memory.dmp
        Filesize

        456KB

        Download
      • memory/816-139-0x0000000000400000-0x0000000000472000-memory.dmp
        Filesize

        456KB

        Download