Overview

overview

10

Static

static

3

586126f415...4f.exe

windows7-x64

10

586126f415...4f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    586126f4151fea05665e55f7f0e6a74f.exe

  • Size

    671KB

  • MD5

    586126f4151fea05665e55f7f0e6a74f

  • SHA1

    8f4917dcb9a9f7529da225a5bc70a817572cc461

  • SHA256

    279c60038d0b7b97c130d2913e501eca3c8ec4b78ed799059a8e3ba3a18d1dc7

  • SHA512

    e4dfae3428b37c7fe102ff57b91906a1f44eb31ec77878d88cd6bb77da0e1b79201b919f137112a88182bf6383e130d27307547bff86cc4b0d1f8a51c9eced3c

  • SSDEEP

    12288:Uzilc1OGRFsQixZp7AsZhaKZyn0+PTi96i97LzY9PoPoHe3Dmdpg:UI0vBi17vZdyn0gOs47wUo8Dmdp

Score
10/10
vidar706stealer

Malware Config

Extracted

Family

vidar

Version

40.5

Botnet

706

C2

https://gheorghip.tumblr.com/

Attributes
  • profile_id

    706

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 5 IoCs
    stealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\586126f4151fea05665e55f7f0e6a74f.exe
    "C:\Users\Admin\AppData\Local\Temp\586126f4151fea05665e55f7f0e6a74f.exe"
    1⤵
      PID:1948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab7F21.tmp
      Filesize

      17KB

      MD5

      b894c67dd680cdac73d5af69c610a8bb

      SHA1

      66000ee0c5acef7066a5a8e448dd7bfcad187050

      SHA256

      cb4d7c4eb8adf07ef8a62dfd0d23e7dbaa808efba00d461e6b1fed5591c0571a

      SHA512

      3d910466df92817886a0b54e5e85f2b6b321e3024d8032b1e1ac4556ca47a25d51266bf23eb48c7aa9cdb74a0d75888603115cdc417a030c93c709942ee826d1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7F62.tmp
      Filesize

      21KB

      MD5

      6c70e35d194dc6d712218fd9db9ccd0f

      SHA1

      2055b403edd0800f8c6dd5dd817a5ad6d66be10c

      SHA256

      2072e5560606b07ae0d7f438412b7dc08b78944008bf1e4bbef610c0f3857f72

      SHA512

      ebdc34dad8f5a26c25c11de7cfae7c5d43209dbc049eed5606f3696746aba4468999ff564b39f4c2a7592d4c1f613253ae29a1b0bf611f1934d5b830e69c2701

      Download Submit
    • memory/1948-1-0x0000000002CF0000-0x0000000002DF0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1948-2-0x0000000004510000-0x00000000045E1000-memory.dmp
      Filesize

      836KB

      Download
    • memory/1948-3-0x0000000000400000-0x0000000002BB2000-memory.dmp
      Filesize

      39.7MB

      Download
    • memory/1948-57-0x0000000000400000-0x0000000002BB2000-memory.dmp
      Filesize

      39.7MB

      Download
    • memory/1948-58-0x0000000002CF0000-0x0000000002DF0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1948-60-0x0000000004510000-0x00000000045E1000-memory.dmp
      Filesize

      836KB

      Download
    • memory/1948-84-0x0000000000400000-0x0000000002BB2000-memory.dmp
      Filesize

      39.7MB

      Download