Analysis

  • max time kernel
    155s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 13:20

General

  • Target

    19ca7407319e34670c18f6a593481ef7.exe

  • Size

    573KB

  • MD5

    19ca7407319e34670c18f6a593481ef7

  • SHA1

    f55d5fc6947ab89d5ca925937cd6dacae5c4a97d

  • SHA256

    41fbd8eea7c632625a8a403042fe23906fb5f51e88e027f722e185a1fedd1e48

  • SHA512

    d89615b5c26a45a3f59d530bc4a1d122252bf73176cdba771dd52dca269313e367767cc618dac74f7139f19167a37c8bb905f204dcbccbaf711acafc52cf4cdd

  • SSDEEP

    12288:1fPDILmGVsZA99FOpikHfR6PN/tC5ivVAYEPys0oBMQ1x7U:1jIKzQ+ik/RQu5ivVAX/0iMQHI

Score
10/10

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

706

C2

https://shpak125.tumblr.com/

Attributes
  • profile_id

    706

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19ca7407319e34670c18f6a593481ef7.exe
    "C:\Users\Admin\AppData\Local\Temp\19ca7407319e34670c18f6a593481ef7.exe"
    1⤵
      PID:3096

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3096-2-0x00000000021F0000-0x000000000228D000-memory.dmp

      Filesize

      628KB

    • memory/3096-1-0x00000000004B0000-0x00000000005B0000-memory.dmp

      Filesize

      1024KB

    • memory/3096-3-0x0000000000400000-0x00000000004A9000-memory.dmp

      Filesize

      676KB

    • memory/3096-13-0x0000000000400000-0x00000000004A9000-memory.dmp

      Filesize

      676KB

    • memory/3096-16-0x00000000021F0000-0x000000000228D000-memory.dmp

      Filesize

      628KB

    • memory/3096-15-0x00000000004B0000-0x00000000005B0000-memory.dmp

      Filesize

      1024KB