Overview

overview

10

Static

static

3

JaffaCakes...c1.exe

windows7-x64

10

JaffaCakes...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_68d3ec58f186aa0e742d18fda0e0d6da8656d4cb3fa814b626f0d74b701074c1.exe

  • Size

    405KB

  • MD5

    a0dbb17789085c2c961a081fbcce7090

  • SHA1

    768ad53269fed00b234215adab9718f742076fdc

  • SHA256

    68d3ec58f186aa0e742d18fda0e0d6da8656d4cb3fa814b626f0d74b701074c1

  • SHA512

    99550fbbec843a74d1fdb8591a94230f8085ac48e701dfb88fbf70519a8e7853443433ad13b0ddb8d11c8eb9abe0bb96e2a222186b8f9666bcf03785f7f31d48

  • SSDEEP

    12288:iQhI8l169seBsX/LSiZtvP4lOuAd1B7PBg:iAx6BsvLJ5EJsrB

Score
10/10
vidar1276discoverystealer

Malware Config

Extracted

Family

vidar

Version

51.9

Botnet

1276

C2

https://t.me/btc20220425

https://ieji.de/@ronxik213
Attributes
  • profile_id

    1276

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Vidar Stealer 4 IoCs
    stealer
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68d3ec58f186aa0e742d18fda0e0d6da8656d4cb3fa814b626f0d74b701074c1.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68d3ec58f186aa0e742d18fda0e0d6da8656d4cb3fa814b626f0d74b701074c1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2220-1-0x0000000000570000-0x0000000000670000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2220-2-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2220-3-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2220-4-0x0000000000570000-0x0000000000670000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2220-6-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2220-5-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download