Analysis
max time kernel: 146s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-12-2023 04:12

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: c2c5ae378d32a04091695ea8bf7ab9c1.exe
Resource: win7-20231129-en
5 signatures
150 seconds
General
Target: c2c5ae378d32a04091695ea8bf7ab9c1.exe
Size: 667KB
MD5: c2c5ae378d32a04091695ea8bf7ab9c1
SHA1: b75f1d2ca238bccfdadbeaac0f86aa01151d45d2
SHA256: 1ae48437789e2076e6057d8ed5b953d099cfaea76f4f07a54d2916be3688d720
SHA512: 38e5d4676f0181fe15dc566f36a16102f16cb3462bbd8a345044c6360f59244000ab035c5506e0d63981c1c5b3d7ed8e9cc586aba49da504c5abd4dba8784801
SSDEEP: 12288:yJIdvRzdqwC41iC5wMxWpeQ3RICKj/6Y5PiHdOBynXAh5ueun6sTFG3KxJ:pRzdqTMxOziHuY5tynKXunZTQQ
Malware Config (Extracted)
Family: vidar
Version: 39.7
Botnet: 706
C2: https://shpak125.tumblr.com/
Attributes:
  profile_id: 706
Signatures
Vidar Stealer (4 IoCs)
Processes:
resource                                                                      yara_rule
behavioral2/memory/3360-2-0x0000000002220000-0x00000000022BD000-memory.dmp    family_vidar
behavioral2/memory/3360-3-0x0000000000400000-0x00000000004C3000-memory.dmp    family_vidar
behavioral2/memory/3360-13-0x0000000000400000-0x00000000004C3000-memory.dmp   family_vidar
behavioral2/memory/3360-16-0x0000000002220000-0x00000000022BD000-memory.dmp   family_vidar