Overview

overview

10

Static

static

3

61e6a9acb2...54.exe

windows7-x64

10

61e6a9acb2...54.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-01-2024 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e6a9acb2def09f3bc470513cc85c54.exe

  • Size

    694KB

  • MD5

    61e6a9acb2def09f3bc470513cc85c54

  • SHA1

    584b7301dd147a4cbcaf195bec1363287448baa3

  • SHA256

    ecd74dd762ced97d83cc351b41f1545b85778d553ceb466f6c8533d6c54e30ae

  • SHA512

    897d07978b11d2d46cd57828f07d329bd23829e96a878a50d472a5476dd5556e04a4375b9fd7f67f8f7719ab37fa6837ca3850f7641bbc55874fe36e92262f25

  • SSDEEP

    12288:axGt1KIgj5TJuWaRGu7a81KE64i5uY4Cgbo73O1kV1nO1GVS9Td01LqBw/yxyR:tKIgKRGuO8gTGYwoS1kVg9q95yxyR

Score
10/10
vidar937stealer

Malware Config

Extracted

Family

vidar

Version

40.1

Botnet

937

C2

https://eduarroma.tumblr.com/

Attributes
  • profile_id

    937

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e6a9acb2def09f3bc470513cc85c54.exe
    "C:\Users\Admin\AppData\Local\Temp\61e6a9acb2def09f3bc470513cc85c54.exe"
    1⤵
      PID:3616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 1756
        2⤵
        • Program crash
        PID:4500
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3616 -ip 3616
      1⤵
        PID:4112

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3616-1-0x0000000002410000-0x0000000002510000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/3616-2-0x0000000004170000-0x000000000420D000-memory.dmp
        Filesize

        628KB

        Download
      • memory/3616-3-0x0000000000400000-0x0000000002402000-memory.dmp
        Filesize

        32.0MB

        Download
      • memory/3616-13-0x0000000000400000-0x0000000002402000-memory.dmp
        Filesize

        32.0MB

        Download
      • memory/3616-14-0x0000000004170000-0x000000000420D000-memory.dmp
        Filesize

        628KB

        Download