Analysis

- max time kernel: 147s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-12-2023 18:29

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 0081232aeee761e5ca6c02d6209d69a7.exe
- Resource: win7-20231215-en
- 5 signatures
- 150 seconds
General

- Target: 0081232aeee761e5ca6c02d6209d69a7.exe
- Size: 671KB
- MD5: 0081232aeee761e5ca6c02d6209d69a7
- SHA1: ea9cbef3a1637ac4f83a3b0f6bd5c57e788ed3bd
- SHA256: 12a7523214419812f838fef882e601d985409bb0f9126c5ba9252ad57bfd172d
- SHA512: 85a81bf72e366f569a2982ec0afcde9065784dbdd15f536a0d350a30138bc78c4a1f3e4859a79215f3a8c24296868d55de9fac7b8f1a08c593f356fe39c5a663
- SSDEEP: 12288:17zq3XlaJ/s2MWEMJszspZF4uOr5/2KDA8GLmaVb6K/:Nzs72wks4WrFzM8GpkC
Malware Config

Extracted
- Family: vidar
- Version: 39.8
- Botnet: 706
- C2: https://xeronxikxxx.tumblr.com/
- Attributes:
  - profile_id: 706
Signatures

- Vidar Stealer (4 IoCs)
  Processes:
    resource                                                                    yara_rule
    behavioral2/memory/5088-2-0x0000000003550000-0x00000000035ED000-memory.dmp   family_vidar
    behavioral2/memory/5088-3-0x0000000000400000-0x00000000032A3000-memory.dmp   family_vidar
    behavioral2/memory/5088-13-0x0000000000400000-0x00000000032A3000-memory.dmp  family_vidar
    behavioral2/memory/5088-14-0x0000000003550000-0x00000000035ED000-memory.dmp  family_vidar

- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    4936  5088        WerFault.exe  0081232aeee761e5ca6c02d6209d69a7.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\0081232aeee761e5ca6c02d6209d69a7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0081232aeee761e5ca6c02d6209d69a7.exe"
  PID: 5088
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 1004
    Signature: Program crash
    PID: 4936
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5088 -ip 5088
  PID: 4568