Analysis

max time kernel: 139s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-12-2023 16:20

Tasks

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: e909471f2bf7157b1335d0b64538a83b.exe
  Resource: win7-20231215-en
  5 signatures, 150 seconds

Note: the signature hits and process tree reported below are labelled behavioral2 and come from the Windows 10 run described in the Analysis block, not from the win7 task listed here.
General

Target: e909471f2bf7157b1335d0b64538a83b.exe
Size: 574KB
MD5: e909471f2bf7157b1335d0b64538a83b
SHA1: 2d47775d09ec88ff71da593fed536c8dc2dd6d37
SHA256: 066ac142f91210ed2fe55e8e7e2b06427c6929c2321205be76b87aa586d263a7
SHA512: 6aa839b6d723455cc8fdfcfdd2b3e6566d7909d5baa36f82d27b3cdea53b845dcff44f1b58bc4b2e99e53d44cb59cd5e56556289dc3d597d264ba680cf3c815e
SSDEEP: 12288:1ukP1Kod4kWBeNrvhanAqQQB/cx5pOJcIavYZlTv8g3vEseLuBhZIH:1x1KopqhQg0lOJcIlZlTvx+Q
Malware Config

Extracted
  Family: vidar
  Version: 39.8
  Botnet: 706
  C2: https://xeronxikxxx.tumblr.com/
  Attributes:
    profile_id: 706

The extracted C2 value is a Tumblr profile URL, not a panel address. Vidar builds embed a social-media profile as a dead-drop resolver and read the live C2 address from that page at runtime, so the actual panel host is not present in this configuration and has to be recovered from the network capture or by retrieving the profile page.
Signatures

Vidar Stealer (4 IoCs)
  YARA rule family_vidar matched in four memory dumps of PID 2296, covering two distinct regions:
  resource                                                                    yara_rule
  behavioral2/memory/2296-2-0x0000000002160000-0x00000000021FD000-memory.dmp  family_vidar
  behavioral2/memory/2296-3-0x0000000000400000-0x0000000000513000-memory.dmp  family_vidar
  behavioral2/memory/2296-7-0x0000000000400000-0x0000000000513000-memory.dmp  family_vidar
  behavioral2/memory/2296-16-0x0000000002160000-0x00000000021FD000-memory.dmp family_vidar

Program crash (1 IoC)
  process       pid   target pid  target process
  WerFault.exe  2904  2296        e909471f2bf7157b1335d0b64538a83b.exe
Processes

C:\Users\Admin\AppData\Local\Temp\e909471f2bf7157b1335d0b64538a83b.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\e909471f2bf7157b1335d0b64538a83b.exe"
  PID: 2296
  child:
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 1740
      PID: 2904
      signature: Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2296 -ip 2296
  PID: 3396

Both WerFault.exe instances are launched from SysWOW64 and name the sample's PID in their -p switch, so the 32-bit (WoW64) sample process crashed during the run rather than exiting cleanly; the family_vidar memory hits above were taken from that same PID before the crash.
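The following is an added example, not part of the sandbox report or of any vendor tooling. It turns the report's memory-hit names and process tree into structured IoCs and runs a small detection over constructed process-creation events: a WerFault.exe invocation whose -p target is a binary executed from a user Temp directory, which is exactly the pattern in the tree above. Parent PIDs and the benign control events are constructed, since the report does not list them.

```python
"""Structure the Vidar report's IoCs and detect WerFault crashes of Temp-dropped binaries.

Added example; the event list is constructed to mirror the report's process tree.
"""
import re
from dataclasses import dataclass

# Memory-region YARA hits copied from the report (behavioral2 task).
VIDAR_MEMORY_HITS = [
    "behavioral2/memory/2296-2-0x0000000002160000-0x00000000021FD000-memory.dmp",
    "behavioral2/memory/2296-3-0x0000000000400000-0x0000000000513000-memory.dmp",
    "behavioral2/memory/2296-7-0x0000000000400000-0x0000000000513000-memory.dmp",
    "behavioral2/memory/2296-16-0x0000000002160000-0x00000000021FD000-memory.dmp",
]

_HIT_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int    # dump sequence number within the run
    start: int  # region start address
    end: int    # region end address (exclusive)

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_memory_hit(name: str) -> MemoryHit:
    """Parse a '<task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' name."""
    m = _HIT_RE.match(name)
    if not m:
        raise ValueError(f"not a memory-dump hit name: {name}")
    return MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                     int(m["start"], 16), int(m["end"], 16))


def distinct_regions(names):
    """Unique (start, end) regions flagged by the rule, regardless of dump sequence."""
    return sorted({(h.start, h.end) for h in map(parse_memory_hit, names)})


# '-p <pid>' as a whole switch; does not match '-pss' or '-ip'.
_WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?:\s|$)")


def werfault_target_pid(cmdline: str):
    """PID named by WerFault's -p switch (the crashed process), or None."""
    m = _WERFAULT_PID_RE.search(cmdline)
    return int(m.group(1)) if m else None


_TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Constructed process-creation events. PIDs 2296, 2904 and 3396 and their
# command lines come from the report; parent PIDs and the last two events
# (a crash of a non-Temp binary, used as a negative control) are invented.
EVENTS = [
    {"pid": 2296, "ppid": 1204,
     "image": r"C:\Users\Admin\AppData\Local\Temp\e909471f2bf7157b1335d0b64538a83b.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\e909471f2bf7157b1335d0b64538a83b.exe"'},
    {"pid": 2904, "ppid": 2296, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 1740"},
    {"pid": 3396, "ppid": 812, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2296 -ip 2296"},
    {"pid": 1337, "ppid": 1204, "image": r"C:\Program Files\Example\app.exe",
     "cmdline": r'"C:\Program Files\Example\app.exe"'},
    {"pid": 4100, "ppid": 812, "image": r"C:\Windows\System32\WerFault.exe",
     "cmdline": r"C:\Windows\System32\WerFault.exe -u -p 1337 -s 200"},
]


def crashed_temp_binaries(events):
    """Flag WerFault invocations whose -p target ran from a user Temp directory.

    Returns a list of (werfault_pid, crashed_pid, crashed_image) in event order.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not e["image"].lower().endswith("\\werfault.exe"):
            continue
        target = werfault_target_pid(e["cmdline"])
        victim = by_pid.get(target)
        if victim and _TEMP_DIR_RE.search(victim["image"]):
            alerts.append((e["pid"], target, victim["image"]))
    return alerts


if __name__ == "__main__":
    for start, end in distinct_regions(VIDAR_MEMORY_HITS):
        print(f"family_vidar region 0x{start:08X}-0x{end:08X} ({end - start} bytes)")
    for alert in crashed_temp_binaries(EVENTS):
        print("crash of Temp-dropped binary:", alert)
```

Of the two flagged regions, 0x00400000-0x00513000 is the conventional default image base of a 32-bit executable, consistent with the sample running under WoW64, so the rule matched the unpacked main module in place as well as a separately allocated 0x9D000-byte region. The detection is deliberately narrow: a crash alone is not malicious, but a WerFault report for a freshly dropped Temp binary is a cheap triage trigger worth correlating with the YARA hits.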