Overview

overview

10

Static

static

1

32d1a33a5d...c9.exe

windows7-x64

10

32d1a33a5d...c9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    20s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32d1a33a5dc17560ff620016b398fec9.exe

  • Size

    566KB

  • MD5

    32d1a33a5dc17560ff620016b398fec9

  • SHA1

    d8b202a3e682a0ccb3b7ee2295d5d62133cc7458

  • SHA256

    18a3ac7fdc9dd873724112c6a390f3c6e5876c6b72664575bb259ad482fdfa18

  • SHA512

    ed3c6d9c9b36aa1d4e1e837c7d081189ec9d177a3fd9d6d1e02c58fea072796220f9322de12cde778c6db3a6d777e1a8c201925fd3e9f284e322ee785c92cadb

  • SSDEEP

    12288:hFN2IR/OSZkYF3KMdgzNv4IG3MQLQ+RSKua8PB3JsdAZvfGA2HaM:hKlS+MdgSIV0Q+vbSsdAZHOHaM

Score
10/10
vidar921stealer

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

921

C2

https://shpak125.tumblr.com/

Attributes
  • profile_id

    921

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 5 IoCs
    stealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe
    "C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe
      C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe
      2⤵
        PID:3928
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 1812
          3⤵
          • Program crash
          PID:2100
      • C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe
        C:\Users\Admin\AppData\Local\Temp\32d1a33a5dc17560ff620016b398fec9.exe
        2⤵
          PID:1928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3928 -ip 3928
        1⤵
          PID:2984

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3928-11-0x0000000000400000-0x00000000004A1000-memory.dmp
          Filesize

          644KB

          Download
        • memory/3928-9-0x0000000000400000-0x00000000004A1000-memory.dmp
          Filesize

          644KB

          Download
        • memory/3928-8-0x0000000000400000-0x00000000004A1000-memory.dmp
          Filesize

          644KB

          Download
        • memory/3928-6-0x0000000000400000-0x00000000004A1000-memory.dmp
          Filesize

          644KB

          Download
        • memory/3928-21-0x0000000000400000-0x00000000004A1000-memory.dmp
          Filesize

          644KB

          Download
        • memory/4392-1-0x0000000074DC0000-0x0000000075570000-memory.dmp
          Filesize

          7.7MB

          Download
        • memory/4392-0-0x0000000000210000-0x00000000002A0000-memory.dmp
          Filesize

          576KB

          Download
        • memory/4392-4-0x0000000004D20000-0x0000000004D96000-memory.dmp
          Filesize

          472KB

          Download
        • memory/4392-3-0x0000000002650000-0x0000000002664000-memory.dmp
          Filesize

          80KB

          Download
        • memory/4392-5-0x0000000004C80000-0x0000000004C9E000-memory.dmp
          Filesize

          120KB

          Download
        • memory/4392-2-0x0000000004D10000-0x0000000004D20000-memory.dmp
          Filesize

          64KB

          Download
        • memory/4392-10-0x0000000074DC0000-0x0000000075570000-memory.dmp
          Filesize

          7.7MB

          Download