Analysis
-
max time kernel
142s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
09-08-2023 18:20
General
-
Target
aeec682b33782ee0d2dc72b82ba61ade_mafia_JC.exe
-
Size
788KB
-
MD5
aeec682b33782ee0d2dc72b82ba61ade
-
SHA1
2d25d390aa5f950c4d6dd9f2a4b557b8197e94bd
-
SHA256
2fddcff3c5f83d226c9ab15e3196443f2f3067a1848cd31bb61a52e7447136fd
-
SHA512
53b0100bc83804848af10bbc31986245f63674df1e55e07ecc290f8b8856a6e0b0692e700341024e1529d297eac6918b1b8147c7ff5a1833219e4174e00e1d1e
-
SSDEEP
12288:HwPa0OH9rWyBw+qtoGqU17NUIRpgKNgWw5wcYSGa6:HwPa069rWyBw+DcUIfNgJwNfa
Score
10/10
Malware Config
Extracted
Family
vidar
Version
1.8
Botnet
408
C2
https://t.me/year2023start
https://steamcommunity.com/profiles/76561199467421923
http://65.108.93.119:80
Attributes
-
profile_id
408
Signatures
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aeec682b33782ee0d2dc72b82ba61ade_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\aeec682b33782ee0d2dc72b82ba61ade_mafia_JC.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/516-134-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB
-
memory/516-141-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB
-
memory/4332-133-0x0000000000D30000-0x0000000000DF8000-memory.dmpFilesize
800KB
-
memory/4332-140-0x0000000000D30000-0x0000000000DF8000-memory.dmpFilesize
800KB