Analysis
-
max time kernel
3s -
max time network
99s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
30/06/2024, 14:38
General
-
Target
416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
-
Size
4.4MB
-
MD5
c5f20b0cb835adff91c281ba3e9995e3
-
SHA1
b7edfc4fb9befe9acf241e423741e27d68dfd832
-
SHA256
416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
-
SHA512
233587e39de30cfa0a9526fb041f9c9c70a1e7574e8bd8d934f7b795f3eff2a8aa8e98f20a7fcb06f00c85c233461d56bbabb4bba39c1ac4869839e3f0022678
-
SSDEEP
49152:e+PcYB/o36ki63Hw4/uzcdl3ne2xAOVmmgZV099snm9pswB0Nq7:tPcYB/y6ki6PnuwT06sajB0Nq7
Malware Config
Extracted
vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Signatures
-
Detect Vidar Stealer 5 IoCs
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 21 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe"C:\Users\Admin\AppData\Local\Temp\416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\ProgramData\DBKEHDGDGH.exe"C:\ProgramData\DBKEHDGDGH.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 3204⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GHJDGDBFCBKF" & exit3⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- Delays execution with timeout.exe
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3472 -ip 34721⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
516KB
MD50309dd0131150796ea99b30a62194fae
SHA12df6e334708eae810a74b844fd57e18e9fdc34cd
SHA25607c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
SHA5123d4e5a0718d04fee92d8040880b631107d1e23a6b3bce430d58769179af999c28b99e50c5cd45f283339f7bbb24ffacbf601a5447edb12e28da4517fbfa282e8
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
1.0MB
-
Filesize
112KB
-
Filesize
84KB
-
Filesize
4.4MB
-
Filesize
84KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
624KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
4KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
360KB
-
Filesize
4KB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB