vidar | cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2023 07:08

Target

file.exe
Size

347KB
MD5

16bc6536b2bfda138d28e0be32c0a2c6
SHA1

bb7c1d6f01006d4f91deb1366922cf7d4c6c0750
SHA256

cc58fda6767d3d05772223f4267075b2dc2a63bc802a6026f3dbc1403e3efa17
SHA512

a5dcbf56f6c751edd52f2cb8030174ac3ee10145d377929c6ffbbf70925aec9c10d19c90252fa75f3d960632449ed6543b0a98ea53ba5b9902cb8a0b8fcc829b
SSDEEP

6144:QNU8lR4jSX5fbDkbhmZ00Rkf46siEBjX:SU8Mmuw36PEZ

Score

10^/10

Family

vidar

Version

6.7

Botnet

52d67d34ad338b1aab9d89c0da5a59b1

https://t.me/s4p0g

https://steamcommunity.com/profiles/76561199575355834

Attributes

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1884 2544 WerFault.exe file.exe

pid	pid_target	process	target process
1884	2544	WerFault.exe	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 2200
2⤵
- Program crash
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2544 -ip 2544
1⤵
PID:4496

memory/2544-1-0x0000000002E00000-0x0000000002F00000-memory.dmp

Filesize
1024KB

Download
memory/2544-2-0x0000000002DB0000-0x0000000002DE7000-memory.dmp

Filesize
220KB

Download
memory/2544-3-0x0000000000400000-0x0000000002ACD000-memory.dmp

Filesize
38.8MB

Download
memory/2544-13-0x0000000000400000-0x0000000002ACD000-memory.dmp

Filesize
38.8MB

Download
memory/2544-14-0x0000000002DB0000-0x0000000002DE7000-memory.dmp

Filesize
220KB

Download