Analysis

max time kernel: 148s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 22:33

Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 1e90790e7d177d29fc32f926a419c534.exe
  Resource: win7-20231129-en
  3 signatures, 150 seconds
General

Target: 1e90790e7d177d29fc32f926a419c534.exe
Size: 604KB
MD5: 1e90790e7d177d29fc32f926a419c534
SHA1: 25142c6b5243f09542d28ce75f42f8b1e337bf18
SHA256: 859b840ac0113845859e79c66583996665f246ccc6f3ebfe419e2e07e8f515cc
SHA512: 667f4c651debd720b8f4c534fd4690a9cc2ddbce98d7577285f6e42b88e71ba209433ad0dcb3dc7d34b79df7a59ad6d1e7c8602365b5501d85a235c3d84d4f6d
SSDEEP: 12288:qb7JEYkQ7Mgtxi1RZQ+EspGqoKq1pGtmI0LOzBx4J39tBvMxpG/80DT+:AEYkQ8K+EspjqfGJ0LCj4V9tFMLGU0
Malware Config

Extracted
Family: vidar
Version: 40.1
Botnet: 706
C2: https://eduarroma.tumblr.com/
Attributes:
  profile_id: 706
Signatures

Vidar Stealer (4 IoCs)
Processes:
  resource                                                              yara_rule
  behavioral2/memory/2712-2-0x0000000004150000-0x00000000041ED000-memory.dmp   family_vidar
  behavioral2/memory/2712-3-0x0000000000400000-0x0000000002400000-memory.dmp   family_vidar
  behavioral2/memory/2712-14-0x0000000004150000-0x00000000041ED000-memory.dmp  family_vidar
  behavioral2/memory/2712-13-0x0000000000400000-0x0000000002400000-memory.dmp  family_vidar

Program crash (1 IoCs)
Processes:
  pid   pid_target  process       target process
  2984  2712        WerFault.exe  1e90790e7d177d29fc32f926a419c534.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\1e90790e7d177d29fc32f926a419c534.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1e90790e7d177d29fc32f926a419c534.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 1584
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2712 -ip 2712
Network
MITRE ATT&CK Matrix
Downloads

  file                                                                   Filesize
  memory/2712-2-0x0000000004150000-0x00000000041ED000-memory.dmp         628KB
  memory/2712-1-0x0000000002570000-0x0000000002670000-memory.dmp         1024KB
  memory/2712-3-0x0000000000400000-0x0000000002400000-memory.dmp         32.0MB
  memory/2712-14-0x0000000004150000-0x00000000041ED000-memory.dmp        628KB
  memory/2712-13-0x0000000000400000-0x0000000002400000-memory.dmp        32.0MB