Overview

overview

10

Static

static

3

f39320e7aa...d7.exe

windows7-x64

10

f39320e7aa...d7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2023 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f39320e7aa57411e246cfbd5f81f2cd7.exe

  • Size

    575KB

  • MD5

    f39320e7aa57411e246cfbd5f81f2cd7

  • SHA1

    315077d79750795c7aeeb4a3cc16e147cf721871

  • SHA256

    a48ca5ac24da4b68de42bfcbc752e20382d21abccf6634124cf29fab4d049ed7

  • SHA512

    e0d9bc96d08eaa27018ea7ca4b0bd6814a723b5fe529aae0b3c9963ebafb6e782a53c98550f9547b89ed30437fa4139be28abcc35937985a12b41f29b88cffac

  • SSDEEP

    12288:VO9lA2p0dAO5bSdhmqHUNY6QlmJFj+FDoi/kkbAiptSoDh+PNKs1:u0+0EHUm6QlM2Doi/bbfpLDh+

Score
10/10
vidar865stealer

Malware Config

Extracted

Family

vidar

Version

39.8

Botnet

865

C2

https://xeronxikxxx.tumblr.com/

Attributes
  • profile_id

    865

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f39320e7aa57411e246cfbd5f81f2cd7.exe
    "C:\Users\Admin\AppData\Local\Temp\f39320e7aa57411e246cfbd5f81f2cd7.exe"
    1⤵
      PID:3860
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 1568
        2⤵
        • Program crash
        PID:3264
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3860 -ip 3860
      1⤵
        PID:3288

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3860-2-0x0000000002110000-0x00000000021AD000-memory.dmp
        Filesize

        628KB

        Download
      • memory/3860-3-0x0000000000400000-0x00000000004AA000-memory.dmp
        Filesize

        680KB

        Download
      • memory/3860-1-0x0000000000670000-0x0000000000770000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/3860-10-0x0000000000400000-0x00000000004AA000-memory.dmp
        Filesize

        680KB

        Download
      • memory/3860-15-0x0000000002110000-0x00000000021AD000-memory.dmp
        Filesize

        628KB

        Download