vidar | 90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c

Analysis

max time kernel
127s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2024, 20:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe
Size

656.9MB
MD5

34b50b71e59e1c5fd2b491ccfb1ca125
SHA1

bc4502b87f7921699e3a28bc45e108acc05d165d
SHA256

90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c
SHA512

80b4f5ba978b5f538e678a4ec8e81ebacf4aa3f1d9c0be96ec1cd7f94785bc95fa1a275ec92002849fafbdffdcf34016753763b697b7016b78a05a0bd00c2071
SSDEEP

12582912:VQyQyQyQyQyQyQyQtQyQyQyQyQyQyQyQtQyQyQyQyQyQyQyQtQyQyQyQyQyQyQyb:VnnnnnnnOnnnnnnnOnnnnnnnOnnnnnnb

Score

10^/10

vidar e907ec0c14f61e0147d368429250cda1 discovery stealer

Malware Config

Extracted

Family

vidar

Version

4.6

Botnet

e907ec0c14f61e0147d368429250cda1

https://steamcommunity.com/profiles/76561199523054520

https://t.me/game4serv

Attributes

profile_id_v2
e907ec0c14f61e0147d368429250cda1
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1076	JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe
1076	JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1076

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

t.me

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

8.8.8.8:53

Request

t.me

IN A

Response

t.me

IN A

149.154.167.99
GET

https://t.me/game4serv

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

149.154.167.99:443

Request

GET /game4serv HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: t.me

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Dec 2024 20:33:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9581
Connection: keep-alive
Set-Cookie: stel_ssid=04a7cad785abeba7fe_4037025013266874163; expires=Tue, 31 Dec 2024 20:33:54 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
DNS

steamcommunity.com

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

92.122.63.136
GET

https://steamcommunity.com/profiles/76561199523054520

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

92.122.63.136:443

Request

GET /profiles/76561199523054520 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 30 Dec 2024 20:33:55 GMT
Content-Length: 35248
Connection: keep-alive
Set-Cookie: sessionid=36f5fd27ccc92d3c922ea967; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
DNS

99.167.154.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.167.154.149.in-addr.arpa

IN PTR

Response
DNS

41.249.124.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.249.124.192.in-addr.arpa

IN PTR

Response

41.249.124.192.in-addr.arpa

IN PTR

cloudproxy10041sucurinet
DNS

136.63.122.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.63.122.92.in-addr.arpa

IN PTR

Response

136.63.122.92.in-addr.arpa

IN PTR

a92-122-63-136deploystaticakamaitechnologiescom
GET

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

128.140.45.45:80

Request

GET /e907ec0c14f61e0147d368429250cda1 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Host: 128.140.45.45

Response

HTTP/1.1 404 Not Found

Server: nginx/1.22.1
Date: Mon, 30 Dec 2024 20:33:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
DNS

45.45.140.128.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.45.140.128.in-addr.arpa

IN PTR

Response

45.45.140.128.in-addr.arpa

IN PTR

static4545140128clientsyour-serverde
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

134.130.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.130.81.91.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
GET

https://t.me/game4serv

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

149.154.167.99:443

Request

GET /game4serv HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: t.me
Cookie: stel_ssid=04a7cad785abeba7fe_4037025013266874163

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Dec 2024 20:34:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9581
Connection: keep-alive
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
GET

https://steamcommunity.com/profiles/76561199523054520

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

92.122.63.136:443

Request

GET /profiles/76561199523054520 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: steamcommunity.com
Cookie: sessionid=36f5fd27ccc92d3c922ea967; steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 30 Dec 2024 20:34:55 GMT
Content-Length: 35248
Connection: keep-alive
GET

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

128.140.45.45:80

Request

GET /e907ec0c14f61e0147d368429250cda1 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Host: 128.140.45.45

Response

HTTP/1.1 404 Not Found

Server: nginx/1.22.1
Date: Mon, 30 Dec 2024 20:34:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
GET

https://t.me/game4serv

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

149.154.167.99:443

Request

GET /game4serv HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: t.me
Cookie: stel_ssid=04a7cad785abeba7fe_4037025013266874163

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Dec 2024 20:35:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9581
Connection: keep-alive
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
GET

https://steamcommunity.com/profiles/76561199523054520

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

92.122.63.136:443

Request

GET /profiles/76561199523054520 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
Host: steamcommunity.com
Cookie: sessionid=36f5fd27ccc92d3c922ea967; steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 30 Dec 2024 20:35:56 GMT
Content-Length: 35248
Connection: keep-alive
GET

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

Remote address:

128.140.45.45:80

Request

GET /e907ec0c14f61e0147d368429250cda1 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Host: 128.140.45.45

Response

HTTP/1.1 404 Not Found

Server: nginx/1.22.1
Date: Mon, 30 Dec 2024 20:35:56 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

149.154.167.99:443

https://t.me/game4serv

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

1.5kB
16.6kB
23
19

HTTP Request

GET https://t.me/game4serv

HTTP Response

200
92.122.63.136:443

https://steamcommunity.com/profiles/76561199523054520

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

2.3kB
42.9kB
40
38

HTTP Request

GET https://steamcommunity.com/profiles/76561199523054520

HTTP Response

200
128.140.45.45:80

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

445 B
480 B
6
4

HTTP Request

GET http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

HTTP Response

404
149.154.167.99:443

https://t.me/game4serv

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

1.7kB
16.5kB
23
19

HTTP Request

GET https://t.me/game4serv

HTTP Response

200
92.122.63.136:443

https://steamcommunity.com/profiles/76561199523054520

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

2.4kB
42.7kB
40
38

HTTP Request

GET https://steamcommunity.com/profiles/76561199523054520

HTTP Response

200
128.140.45.45:80

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

445 B
480 B
6
4

HTTP Request

GET http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

HTTP Response

404
149.154.167.99:443

https://t.me/game4serv

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

1.6kB
16.5kB
21
18

HTTP Request

GET https://t.me/game4serv

HTTP Response

200
92.122.63.136:443

https://steamcommunity.com/profiles/76561199523054520

tls, http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

2.3kB
42.6kB
37
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199523054520

HTTP Response

200
128.140.45.45:80

http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

http

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

353 B
440 B
4
3

HTTP Request

GET http://128.140.45.45/e907ec0c14f61e0147d368429250cda1

HTTP Response

404

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

t.me

dns

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

50 B
66 B
1
1

DNS Request

t.me

DNS Response

149.154.167.99
8.8.8.8:53

steamcommunity.com

dns

JaffaCakes118_90b01db1de89cb0fb3f7b892a6cb3cabdea7f8368bc009170443e10ce1b78c3c.exe

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

92.122.63.136
8.8.8.8:53

99.167.154.149.in-addr.arpa

dns

73 B
166 B
1
1

DNS Request

99.167.154.149.in-addr.arpa
8.8.8.8:53

41.249.124.192.in-addr.arpa

dns

73 B
113 B
1
1

DNS Request

41.249.124.192.in-addr.arpa
8.8.8.8:53

136.63.122.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

136.63.122.92.in-addr.arpa
8.8.8.8:53

45.45.140.128.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

45.45.140.128.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

134.130.81.91.in-addr.arpa

dns

72 B
147 B
1
1

DNS Request

134.130.81.91.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1076-1-0x00000000012C0000-0x00000000012C1000-memory.dmp

Filesize
4KB

Download
memory/1076-6-0x0000000000820000-0x00000000012A1000-memory.dmp

Filesize
10.5MB

Download
memory/1076-7-0x00000000008BB000-0x0000000000CF3000-memory.dmp

Filesize
4.2MB

Download
memory/1076-5-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/1076-4-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/1076-3-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/1076-2-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/1076-0-0x00000000012B0000-0x00000000012B1000-memory.dmp

Filesize
4KB

Download
memory/1076-22-0x00000000008BB000-0x0000000000CF3000-memory.dmp

Filesize
4.2MB

Download
memory/1076-23-0x0000000000820000-0x00000000012A1000-memory.dmp

Filesize
10.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.