Analysis
max time kernel: 142s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 04:33
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 0e970c0c6f2856a75e87e34ae7b7bc82.exe
Resource: win7-20231215-en
5 signatures, 150 seconds
General
Target: 0e970c0c6f2856a75e87e34ae7b7bc82.exe
Size: 691KB
MD5: 0e970c0c6f2856a75e87e34ae7b7bc82
SHA1: 60c099f33de2e3d5d45faabd22a86ef4fed4b5cf
SHA256: c1556f21883ad0e05a4e9899519bb7f8b1d50af7f0fabe88baae09e157e89985
SHA512: cb1767b0014f9f304ee2c3951ec44792dde2aab22cac4cdb7dffce13b1f2594536fe0fc79d79b333a11b95e9a242d8bc84869bc1f7e3c5171084cd3dec3524a4
SSDEEP: 12288:zr/JbPutxxZhk/DRw8JjEokdI3cKi04Iq3fXFQeDpv9HNosQG1IbMAJ7EujiZAi:v9yMHJXkd/j04IOf1dGbnPpEuji
Malware Config
Extracted
Family: vidar
Version: 40.4
Botnet: 706
C2: https://romkaxarit.tumblr.com/
Attributes:
- profile_id: 706
Signatures
- Vidar Stealer (4 IoCs)
Processes:
resource                                                              yara_rule
behavioral2/memory/2692-2-0x0000000004890000-0x0000000004963000-memory.dmp  family_vidar
behavioral2/memory/2692-3-0x0000000000400000-0x0000000002BB8000-memory.dmp  family_vidar
behavioral2/memory/2692-4-0x0000000000400000-0x0000000002BB8000-memory.dmp  family_vidar
behavioral2/memory/2692-7-0x0000000004890000-0x0000000004963000-memory.dmp  family_vidar
- Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
3752  2692        WerFault.exe  0e970c0c6f2856a75e87e34ae7b7bc82.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\0e970c0c6f2856a75e87e34ae7b7bc82.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0e970c0c6f2856a75e87e34ae7b7bc82.exe"
  PID: 2692
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 1032
    Signature: Program crash
    PID: 3752
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2692 -ip 2692
  PID: 3984