Analysis

max time kernel: 138s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-12-2023 09:28
Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 30dec3f14079ce965d731f40eae7a7d7.exe
Resource: win7-20231215-en
5 signatures, 150 seconds
General

Target: 30dec3f14079ce965d731f40eae7a7d7.exe
Size: 597KB
MD5: 30dec3f14079ce965d731f40eae7a7d7
SHA1: 127be9cd77c35a46b950d0f22089cdb52ff2da93
SHA256: 82ff83ce0665382ce20ccb6a1295bce8eff4653edadb331814c43ef198265a27
SHA512: 776fc5ae814697897605f056de7e2f7d4ca65fd9da199974ed460e60a56d5ba153af4b30fcac59db182611e6078ebc69b5e8de883e4b89a5adbf56093a64e526
SSDEEP: 12288:WKdcOY+osWU8hLhl0dDLvF6zvxl8+H9yxN0NuSXaP18bonb+zhgm4fgor2TlFm:WDOY+osWU8hL0dwzXtHCuNdXamboAOmP
Malware Config

Extracted
Family: vidar
Version: 39.8
Botnet: 706
C2: https://xeronxikxxx.tumblr.com/
Attributes:
profile_id: 706
Signatures

Vidar Stealer (4 IoCs)
Processes:
resource                                                                     yara_rule
behavioral2/memory/3572-2-0x0000000002260000-0x00000000022FD000-memory.dmp   family_vidar
behavioral2/memory/3572-3-0x0000000000400000-0x000000000051A000-memory.dmp   family_vidar
behavioral2/memory/3572-14-0x0000000002260000-0x00000000022FD000-memory.dmp  family_vidar
behavioral2/memory/3572-13-0x0000000000400000-0x000000000051A000-memory.dmp  family_vidar

Program crash (1 IoC)
Processes:
pid   pid_target  process       target process
1400  3572        WerFault.exe  30dec3f14079ce965d731f40eae7a7d7.exe
Processes

C:\Users\Admin\AppData\Local\Temp\30dec3f14079ce965d731f40eae7a7d7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\30dec3f14079ce965d731f40eae7a7d7.exe"
  PID: 3572
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 1032
      Program crash
      PID: 1400

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3572 -ip 3572
  PID: 2144