Analysis
max time kernel: 147s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 19:30
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 38101fefc0e4a9dc41b0198e6ff5524d.exe
Resource: win7-20231215-en
5 signatures, 150 seconds
General
Target: 38101fefc0e4a9dc41b0198e6ff5524d.exe
Size: 661KB
MD5: 38101fefc0e4a9dc41b0198e6ff5524d
SHA1: 1646f426023b13fdaae46fa43e416b34abbc8b38
SHA256: 8893ae21b156fdc7ad3b76ae698f93cd671c3ac034364499aaba8f34d002ace4
SHA512: 098dd742a584a56187fd5097f96303cbe0654772b2cdc2fab2e17db54a2ad049e0ec8ac65398cd1185d180582d89fc281e0abd34a51e5a0bfb43acb352b47f7b
SSDEEP: 12288:VWIMLhbAzBl1JMoCyglNcwZHYd83XPJHZEPdH3oKdwbOIh668D2:6hbAzcvYwl33fdCP2KdwbOV6
Malware Config (extracted)
Family: vidar
Version: 39.7
Botnet: 706
C2: https://shpak125.tumblr.com/
Attributes:
profile_id: 706
Signatures
Vidar Stealer (4 IoCs)
Processes / memory dumps matched by the family_vidar YARA rule:
resource                                                                     yara_rule
behavioral2/memory/2864-2-0x0000000002250000-0x00000000022ED000-memory.dmp   family_vidar
behavioral2/memory/2864-3-0x0000000000400000-0x00000000004C1000-memory.dmp   family_vidar
behavioral2/memory/2864-13-0x0000000000400000-0x00000000004C1000-memory.dmp  family_vidar
behavioral2/memory/2864-16-0x0000000002250000-0x00000000022ED000-memory.dmp  family_vidar
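The four YARA hits above are the only process-level evidence on this page, and the extraction glued both the resource tags and the hit list into single strings. The script below is an added example (not part of the sandbox report or its tooling) that turns those strings back into structured records, collapses the repeated dumps into the two distinct address ranges that were matched, and labels each range. Two things are assumptions: the dump naming scheme `<task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp <rule>` is inferred from the four lines on the page, and the region at 0x400000 is treated as the sample's own image because that is the default 32-bit PE image base; a real triage would read the base from the sample's optional header instead. The input strings are constructed copies of what the report shows. Also note that the `C2` value in the config is a Tumblr profile URL: Vidar builds fetch their live C2 address from a profile page on a public service, so the host to block or hunt for is whatever that page currently points to, not tumblr.com itself.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed copies of two strings from the report above (not read live from the sandbox).
RAW_TAGS = "arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system"
RAW_HITS = (
    "behavioral2/memory/2864-2-0x0000000002250000-0x00000000022ED000-memory.dmp family_vidar "
    "behavioral2/memory/2864-3-0x0000000000400000-0x00000000004C1000-memory.dmp family_vidar "
    "behavioral2/memory/2864-13-0x0000000000400000-0x00000000004C1000-memory.dmp family_vidar "
    "behavioral2/memory/2864-16-0x0000000002250000-0x00000000022ED000-memory.dmp family_vidar"
)

# The extraction removed every separator between tags, so the only way to split them
# is on the key names the report uses. "system" appears as a bare tag with no value.
TAG_KEYS = ("arch", "image", "locale", "os", "system")
_KEYS_ALT = "|".join(TAG_KEYS)
TAG_RE = re.compile(
    rf"(?P<key>{_KEYS_ALT})(?::(?P<value>.*?))?"
    rf"(?=(?:{_KEYS_ALT})(?::|$)|$)"
)

# Assumed dump naming scheme, inferred from the four hit strings on the page.
HIT_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)"
)


def parse_tags(raw: str) -> list[tuple[str, str | None]]:
    """Split the glued resource-tag string into (key, value) pairs; value is None for bare tags."""
    return [(m["key"], m["value"]) for m in TAG_RE.finditer(raw)]


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int      # dump sequence number within the task
    start: int    # virtual address range the dump covers
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_hits(raw: str) -> list[MemoryHit]:
    """Parse every '<task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp <rule>' hit in the string."""
    return [
        MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                  int(m["start"], 16), int(m["end"], 16), m["rule"])
        for m in HIT_RE.finditer(raw)
    ]


def distinct_regions(hits: list[MemoryHit]) -> Counter:
    """Collapse repeated dumps of one address range: (pid, start, end, rule) -> number of hits."""
    return Counter((h.pid, h.start, h.end, h.rule) for h in hits)


def triage_regions(hits: list[MemoryHit], assumed_image_base: int = 0x400000) -> list[tuple]:
    """Label each distinct matched region.

    The region mapped at the (assumed) image base is the loaded executable itself; any other
    matched range is memory the process obtained at run time, which is where an unpacked or
    decrypted stealer body usually ends up and is the better dump to carve for config/strings.
    """
    rows = []
    for (pid, start, end, rule), n in sorted(distinct_regions(hits).items()):
        kind = "image" if start == assumed_image_base else "runtime-allocated"
        rows.append((pid, f"0x{start:X}-0x{end:X}", end - start, rule, n, kind))
    return rows


if __name__ == "__main__":
    for key, value in parse_tags(RAW_TAGS):
        print(f"{key}: {value if value is not None else '(flag)'}")
    for pid, rng, size, rule, n, kind in triage_regions(parse_hits(RAW_HITS)):
        print(f"pid {pid} {rng} ({size:#x} bytes) {rule} hits={n} {kind}")
```

Running it shows that all four hits come from one process (PID 2864) and cover just two ranges, each dumped twice: the image at 0x400000-0x4C1000 and a second 0x9D000-byte range at 0x2250000-0x22ED000 that the process allocated at run time. When pulling dumps from the sandbox, the second one is the candidate for the unpacked Vidar payload.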