Analysis
  max time kernel: 143s
  max time network: 155s
  platform: windows10-2004_x64
  resource: win10v2004-20231222-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 26-12-2023 15:08
Static task
  static1: 1 signatures
Behavioral task
  behavioral1
    Sample: 77f0d126269bd9fd6d669292e0d947c0.exe
    Resource: win7-20231215-en
    3 signatures
    150 seconds
General
  Target: 77f0d126269bd9fd6d669292e0d947c0.exe
  Size: 653KB
  MD5: 77f0d126269bd9fd6d669292e0d947c0
  SHA1: f40529ce7b9ef94d779b66cbc48062a011be8796
  SHA256: bfd61920735254ab798c1f7a1be84d7e250574c3b9a7d6d51a95303c1bf02d0f
  SHA512: 46e84928f792e99ad84ddda182b8c2a145b28cd2d74f321d95b061e6cb484dba56d6a2008947cbbc05915391b6f713c6c6601934d2158cc85b18b030b849ac67
  SSDEEP: 12288:rbefpoainVIIz50zw9dNEW8lLqFEzAHSOOkvjnH6o4qlOwR6xnIGqGr0:eoainMwyW8lLdaSJkvDaIOwR6dIpV
Malware Config
  Extracted
    Family: vidar
    Version: 39.7
    Botnet: 706
    C2: https://shpak125.tumblr.com/
    Attributes
      profile_id: 706
Signatures

Vidar Stealer (4 IoCs)
  Processes:
    resource                                                                      yara_rule
    behavioral2/memory/2324-2-0x0000000002260000-0x00000000022FD000-memory.dmp    family_vidar
    behavioral2/memory/2324-3-0x0000000000400000-0x00000000004BF000-memory.dmp    family_vidar
    behavioral2/memory/2324-10-0x0000000000400000-0x00000000004BF000-memory.dmp   family_vidar
    behavioral2/memory/2324-15-0x0000000002260000-0x00000000022FD000-memory.dmp   family_vidar

Program crash (1 IoCs)
  Processes:
    pid   pid_target   process        target process
    364   2324         WerFault.exe   77f0d126269bd9fd6d669292e0d947c0.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\77f0d126269bd9fd6d669292e0d947c0.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\77f0d126269bd9fd6d669292e0d947c0.exe"
    PID: 2324
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 1544
      Signature: Program crash
      PID: 364
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2324 -ip 2324
    PID: 4872