Overview

overview

10

Static

static

3

2c816bef3c...b2.exe

windows7-x64

10

2c816bef3c...b2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    110s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c816bef3cd7f3f367e6b94761c2bab2.exe

  • Size

    240KB

  • MD5

    2c816bef3cd7f3f367e6b94761c2bab2

  • SHA1

    791c10407dd5df2abee9b87afa09306bd5d7d93c

  • SHA256

    81325d0c1a73cad7402d2020c15304cba466ecc7919061cd16762f655019c038

  • SHA512

    e35ae3ff851fa53af16f5e4fc93aef20917d4b4f83d74bed74b972a207a1f7c83b97c8027820d8add586ee7a0b1594eb436d75fb2db657cc54c73fbfad10f9ad

  • SSDEEP

    6144:FA3Qqn4PxoQMZIlkEPTodF8vtH5ofRaG:FaQqG6lgkWM/StH5ofR

Score
10/10
vidarb8a5ebfe4a0abceff8d2cd1a6c6c4024stealer

Malware Config

Extracted

Family

vidar

Version

8

Botnet

b8a5ebfe4a0abceff8d2cd1a6c6c4024

C2

https://steamcommunity.com/profiles/76561199644883218

https://t.me/neoschats
Attributes
  • profile_id_v2

    b8a5ebfe4a0abceff8d2cd1a6c6c4024

  • user_agent

    Mozilla/5.0 (Linux; Android 11; M2102J20SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Mobile Safari/537.36 EdgA/97.0.1072.78

Signatures

  • Detect Vidar Stealer 5 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c816bef3cd7f3f367e6b94761c2bab2.exe
    "C:\Users\Admin\AppData\Local\Temp\2c816bef3cd7f3f367e6b94761c2bab2.exe"
    1⤵
      PID:1908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 2076
        2⤵
        • Program crash
        PID:3236
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1908 -ip 1908
      1⤵
        PID:2480

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1908-1-0x0000000002660000-0x0000000002760000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1908-2-0x0000000002480000-0x00000000024B6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1908-3-0x0000000000400000-0x00000000022E4000-memory.dmp

        Filesize

        30.9MB

        Download

      • memory/1908-5-0x0000000000400000-0x00000000022E4000-memory.dmp

        Filesize

        30.9MB

        Download

      • memory/1908-6-0x0000000000400000-0x00000000022E4000-memory.dmp

        Filesize

        30.9MB

        Download

      • memory/1908-7-0x0000000002480000-0x00000000024B6000-memory.dmp

        Filesize

        216KB

        Download