Analysis
-
max time kernel
141s -
max time network
130s -
platform
windows10-1703_x64 -
resource
win10-20231023-en -
resource tags
-
submitted
01-12-2023 11:29
General
-
Target
f588fb0d22eb7e81736deb57a487fa494e7b7d970dd00e521e95fdc80eb12d53.exe
-
Size
294KB
-
MD5
4e93f92509a0e5b7d11d2adb48dd1adb
-
SHA1
22c7bc05bb31d9f7657fd9d17ffc7486232222d3
-
SHA256
f588fb0d22eb7e81736deb57a487fa494e7b7d970dd00e521e95fdc80eb12d53
-
SHA512
7cbbe10bc00c3a61b93c8be47c1d669605834a64f93df784372685c1ab3436940179cb093ecdd520cf659f1fe454c6f0308837c97055e136c569949008b06d3a
-
SSDEEP
6144:9DBv1CrUh8bkeO4Ps2Syz4TFAbuhYAe3mXeVgu:9eUh8bkWPMrApA3
Score
10/10
Malware Config
Extracted
Family
vidar
Version
6.7
Botnet
b38cb04787049a109b9655c2379f5b97
C2
https://t.me/s4p0g
https://steamcommunity.com/profiles/76561199575355834
Attributes
-
profile_id_v2
b38cb04787049a109b9655c2379f5b97
Signatures
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f588fb0d22eb7e81736deb57a487fa494e7b7d970dd00e521e95fdc80eb12d53.exe"C:\Users\Admin\AppData\Local\Temp\f588fb0d22eb7e81736deb57a487fa494e7b7d970dd00e521e95fdc80eb12d53.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 19482⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/440-1-0x0000000000830000-0x0000000000930000-memory.dmpFilesize
1024KB
-
memory/440-2-0x0000000000960000-0x0000000000997000-memory.dmpFilesize
220KB
-
memory/440-3-0x0000000000400000-0x00000000007D3000-memory.dmpFilesize
3.8MB
-
memory/440-7-0x0000000000400000-0x00000000007D3000-memory.dmpFilesize
3.8MB
-
memory/440-9-0x0000000000830000-0x0000000000930000-memory.dmpFilesize
1024KB
-
memory/440-10-0x0000000000960000-0x0000000000997000-memory.dmpFilesize
220KB