vidar | 581304c1ecc96f13dc1fcd999afed03ce2844937b63f463269352d9ba60666cb

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/04/2023, 18:57

Target

build2.exe
Size

453KB
MD5

770db2929307f3de98c1944fcd4adf92
SHA1

d84b969b5f77353f734ec251660b71f11f2a76bf
SHA256

581304c1ecc96f13dc1fcd999afed03ce2844937b63f463269352d9ba60666cb
SHA512

5bb5ac8146a540ea34aabee20b8f30a3b7fe1064f4cd18f1222aed63eb9a8a946c1e2c45a17b57e0e883ea578aacd255734aeb155451984c44ce1fb90cc66d03
SSDEEP

12288:CxZzXIpPqZYHChjN0H4cmL5tW35TkH9+fnW:CTzXIlGYiHvcms54HofW

Score

10^/10

Family

vidar

Version

3.6

Botnet

5cb879265de0011bfc7588d5d251aee6

https://steamcommunity.com/profiles/76561199499188534

https://t.me/nutalse

Attributes

profile_id_v2
5cb879265de0011bfc7588d5d251aee6
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2044 set thread context of 1096	2044	build2.exe	28

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28
PID 2044 wrote to memory of 1096	2044	build2.exe	28

C:\Users\Admin\AppData\Local\Temp\build2.exe
"C:\Users\Admin\AppData\Local\Temp\build2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\build2.exe
  "C:\Users\Admin\AppData\Local\Temp\build2.exe"
  2⤵
  PID:1096

memory/1096-56-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1096-55-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1096-59-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1096-60-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1096-65-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1096-67-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2044-58-0x00000000002E0000-0x000000000033E000-memory.dmp

Filesize
376KB

Download