Overview

overview

10

Static

static

3

1e90790e7d...34.exe

windows7-x64

10

1e90790e7d...34.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    9s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e90790e7d177d29fc32f926a419c534.exe

  • Size

    604KB

  • MD5

    1e90790e7d177d29fc32f926a419c534

  • SHA1

    25142c6b5243f09542d28ce75f42f8b1e337bf18

  • SHA256

    859b840ac0113845859e79c66583996665f246ccc6f3ebfe419e2e07e8f515cc

  • SHA512

    667f4c651debd720b8f4c534fd4690a9cc2ddbce98d7577285f6e42b88e71ba209433ad0dcb3dc7d34b79df7a59ad6d1e7c8602365b5501d85a235c3d84d4f6d

  • SSDEEP

    12288:qb7JEYkQ7Mgtxi1RZQ+EspGqoKq1pGtmI0LOzBx4J39tBvMxpG/80DT+:AEYkQ8K+EspjqfGJ0LCj4V9tFMLGU0

Score
10/10
vidar706stealer

Malware Config

Extracted

Family

vidar

Version

40.1

Botnet

706

C2

https://eduarroma.tumblr.com/

Attributes
  • profile_id

    706

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e90790e7d177d29fc32f926a419c534.exe
    "C:\Users\Admin\AppData\Local\Temp\1e90790e7d177d29fc32f926a419c534.exe"
    1⤵
      PID:2212
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 880
        2⤵
        • Program crash
        PID:3044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar2B69.tmp
      Filesize

      84KB

      MD5

      ece7150c2acdb783e5d2c06c811f5631

      SHA1

      57bd522da2fc53de8031a2eedcf53cfe3f874344

      SHA256

      c609ddc356ad3775a8d4562e950186a78e65b7838358d75f23fb95c450bdee4b

      SHA512

      a1759e2dc9494cdae9748d87d2ab8964d35063fb1555048bac77d83d82e43ff8d0342459e4f3668bac7ec7f0483ee93d981085098bb7dcdec2adaa26d4ed8843

      Download Submit
    • memory/2212-2-0x0000000000290000-0x000000000032D000-memory.dmp
      Filesize

      628KB

      Download
    • memory/2212-1-0x0000000002860000-0x0000000002960000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2212-3-0x0000000000400000-0x0000000002400000-memory.dmp
      Filesize

      32.0MB

      Download
    • memory/2212-43-0x0000000000400000-0x0000000002400000-memory.dmp
      Filesize

      32.0MB

      Download
    • memory/2212-63-0x0000000002860000-0x0000000002960000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2212-65-0x0000000000290000-0x000000000032D000-memory.dmp
      Filesize

      628KB

      Download