Analysis
max time kernel: 143s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-12-2023 11:34

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 34891d807c3aed97dde4cb331e340513.exe
Resource: win7-20231215-en
5 signatures
150 seconds
General
Target: 34891d807c3aed97dde4cb331e340513.exe
Size: 665KB
MD5: 34891d807c3aed97dde4cb331e340513
SHA1: 96d1b5fdfa2e9e23020cfcf42beeb04bf00cce75
SHA256: 30b9f240631bdab5870096675ecd56b6c1b1875ef332104f46993730fe92b91e
SHA512: d6bd7159b8c296b42d2bee34f29bbab0c9195724adc4d7a7329cb37fafc9a23922549ea9e8372b87e8b510b487f4fab9db0b5e27f17515054227b005efbc0642
SSDEEP: 12288:FQZaacUDUCg1fiD5H27EQY53Wdyy99nMptCjX8vjKZN2LYxDka:8bDUCYEb5ASCXaGDt
Malware Config
Extracted
Family: vidar
Version: 39.7
Botnet: 706
C2: https://shpak125.tumblr.com/
Attributes
profile_id: 706
Signatures
Vidar Stealer (4 IoCs)
Processes:
resource yara_rule
behavioral2/memory/3704-2-0x0000000002290000-0x000000000232D000-memory.dmp family_vidar
behavioral2/memory/3704-3-0x0000000000400000-0x00000000004C2000-memory.dmp family_vidar
behavioral2/memory/3704-13-0x0000000000400000-0x00000000004C2000-memory.dmp family_vidar
behavioral2/memory/3704-16-0x0000000002290000-0x000000000232D000-memory.dmp family_vidar