vidar | fabac53ffc7381edddcaddca2c9b2d647dd30a2e66d62c3cca720349f1e66d4e | Triage

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-04-2024 19:43

Sharing

Report Analysis Logs

General

Target

file.exe
Size

1.1MB
MD5

c7cb10eadcca31c88538f972fd657590
SHA1

9b09cdc280601e63579ae2cb64d863a0419d971c
SHA256

fabac53ffc7381edddcaddca2c9b2d647dd30a2e66d62c3cca720349f1e66d4e
SHA512

9d8efe2b42c5cc99fdc807a9b3d6628c39825b257aef9e81d4b9396b5d3b730307478c047764631fc6b646895c7e92052326dff6e1740fd2ba4eef7904224bd6
SSDEEP

24576:f26YE2EStbC19xq1a9GeWTaaQgUkSMnHJa:fHp19xq1a9QQMHJa

Score

10^/10

vidar stealer

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1084-0-0x0000000000310000-0x000000000042A000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2248 1084 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 1084 wrote to memory of 2248	1084	file.exe	WerFault.exe
PID 1084 wrote to memory of 2248	1084	file.exe	WerFault.exe
PID 1084 wrote to memory of 2248	1084	file.exe	WerFault.exe
PID 1084 wrote to memory of 2248	1084	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 116
2⤵
- Program crash
PID:2248

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-0-0x0000000000310000-0x000000000042A000-memory.dmp

Filesize
1.1MB

Download