Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
28-12-2023 20:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f6224542abbf35433c6f296df97691bf.exe
Resource
win7-20231215-en
3 signatures
150 seconds
General
-
Target
f6224542abbf35433c6f296df97691bf.exe
-
Size
663KB
-
MD5
f6224542abbf35433c6f296df97691bf
-
SHA1
f3133ae0559aa6920f63c94369f225d768bf5e10
-
SHA256
ad8a63182b0b115ad427182788e162a8590470fa9c9e52f4e07ee5b1d7d92369
-
SHA512
9c90ad9f3c703f1bcb70386a219099db566ff089bf5ae3629f50c1a95516ff3ef310f3dc12e61e6d58bca374e54bddaf0dcebba14b4f7ccf24ff3fb861e7ced8
-
SSDEEP
12288:qimE52e34HWsWtOlkgwtM24VyT7yxpPF4nw9Ni3hA+cDIlFrIbz2wc:T2e34HWsW/tM24VyTmxpdAw9NKhrc0lU
Malware Config
Extracted
Family
vidar
Version
39.7
Botnet
706
C2
https://shpak125.tumblr.com/
Attributes
-
profile_id
706
Signatures
-
Vidar Stealer 4 IoCs
Processes:
resource yara_rule behavioral2/memory/1316-3-0x0000000000400000-0x00000000004C1000-memory.dmp family_vidar behavioral2/memory/1316-2-0x0000000002190000-0x000000000222D000-memory.dmp family_vidar behavioral2/memory/1316-10-0x0000000000400000-0x00000000004C1000-memory.dmp family_vidar behavioral2/memory/1316-15-0x0000000002190000-0x000000000222D000-memory.dmp family_vidar -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 5116 1316 WerFault.exe f6224542abbf35433c6f296df97691bf.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6224542abbf35433c6f296df97691bf.exe"C:\Users\Admin\AppData\Local\Temp\f6224542abbf35433c6f296df97691bf.exe"1⤵PID:1316
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 9922⤵
- Program crash
PID:5116
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1316 -ip 13161⤵PID:4940