Overview

overview

10

Static

static

3

c94ce43d6e...2b.exe

windows7-x64

10

c94ce43d6e...2b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c94ce43d6e27390ce125ee34048c002b.exe

  • Size

    574KB

  • MD5

    c94ce43d6e27390ce125ee34048c002b

  • SHA1

    a65eab2916aec7c514e28d04e5e88865a4b18fe3

  • SHA256

    73adc4f8c639efed8cba93067add595c009cc10fe2b4ffa9b7fff199d0d7af7d

  • SHA512

    f85a0915e146395c62244721aa4e99494cef3b5166b0708eedc3fe9b1fc5471a44879b00625fba27d62d0792bd5832001acc502a8fda86e96bc9b32da017d885

  • SSDEEP

    12288:5egANN6IeveCQ5eQfIHgpgKMR6UzeLO8NTHWlhEILkalp6:5qNsI2XtKMR6SeLBNS7EI

Score
10/10
vidar818stealer

Malware Config

Extracted

Family

vidar

Version

39.8

Botnet

818

C2

https://xeronxikxxx.tumblr.com/

Attributes
  • profile_id

    818

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c94ce43d6e27390ce125ee34048c002b.exe
    "C:\Users\Admin\AppData\Local\Temp\c94ce43d6e27390ce125ee34048c002b.exe"
    1⤵
      PID:3200
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 1560
        2⤵
        • Program crash
        PID:372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3200 -ip 3200
      1⤵
        PID:4156

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3200-1-0x00000000008B0000-0x00000000009B0000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/3200-2-0x0000000002260000-0x00000000022FD000-memory.dmp
        Filesize

        628KB

        Download
      • memory/3200-3-0x0000000000400000-0x0000000000513000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/3200-10-0x0000000000400000-0x0000000000513000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/3200-15-0x0000000002260000-0x00000000022FD000-memory.dmp
        Filesize

        628KB

        Download