Analysis
max time kernel: 89s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/03/2024, 05:09
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 4dfab4889288090c9ea382ac2e589ad8_JaffaCakes118.exe
Resource: win7-20231129-en (5 signatures, 150 seconds)
General
Target: 4dfab4889288090c9ea382ac2e589ad8_JaffaCakes118.exe
Size: 666KB
MD5: 4dfab4889288090c9ea382ac2e589ad8
SHA1: 09a1c5c406c56fc919aad7f2687fe007f51dd881
SHA256: 22dbf29f7b7ee63da9418ab462b83e242823b83af7d697e7cf34796febc4d884
SHA512: bf6bf78a8c1b644bbd5513af2c87dc4bb979898d09913a634c4ae92c1115e451b770d26de13df13f6fdd0542b329f05b85f0d40fd713fc1b1254bef880e8d821
SSDEEP: 12288:pdG/qLDpTFCAYdwQVp03LNQuFdsCggBm5xB27Ygc9KEhR9KT/W5S:pgAVEAY3CkCt+x47YZ9hhRAT/8
Malware Config
Extracted
Family: vidar
Version: 41.3
Botnet: 1008
C2: https://mas.to/@oleg98
Attributes
profile_id: 1008
Signatures
Vidar Stealer (4 IoCs)
resource                                                                          yara_rule
behavioral2/memory/1696-2-0x00000000022D0000-0x00000000023A6000-memory.dmp        family_vidar
behavioral2/memory/1696-3-0x0000000000400000-0x0000000000518000-memory.dmp        family_vidar
behavioral2/memory/1696-10-0x0000000000400000-0x0000000000518000-memory.dmp       family_vidar
behavioral2/memory/1696-11-0x00000000022D0000-0x00000000023A6000-memory.dmp       family_vidar
Program crash (1 IoCs)
pid     pid_target    Process         procid_target
4832    1696          WerFault.exe    84
Processes
C:\Users\Admin\AppData\Local\Temp\4dfab4889288090c9ea382ac2e589ad8_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4dfab4889288090c9ea382ac2e589ad8_JaffaCakes118.exe"
  PID: 1696
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 1028
    Program crash
    PID: 4832
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1696 -ip 1696
  PID: 3220