Analysis
-
max time kernel
110s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13-01-2025 17:01
General
-
Target
de05147333ab7ae47dc402c2f078813ef95fe63d131fb462344744ebbdb2b099N.exe
-
Size
616KB
-
MD5
5b149bad7eaf598ac146681b1842e390
-
SHA1
ce5318ae870d44cdb11fd32e8f62ffeff4320c45
-
SHA256
de05147333ab7ae47dc402c2f078813ef95fe63d131fb462344744ebbdb2b099
-
SHA512
321e5979cad4a0e36d51eb0e545111e5d8f17a7040392bace0b1712a73ba383513391d53e8279f78fd671a06718d1b321293ca480c5ce9f07b02526caaf24f6b
-
SSDEEP
12288:pANwRo+mv8QD4+0V16Dt+u7AZifN2F1RNbYopuWGfnT9ocVEzg7SKUJ8kER:pAT8QE+k4tPAZi12FZYxvT9oGP7SMkER
Malware Config
Signatures
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Vidar Stealer 2 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\de05147333ab7ae47dc402c2f078813ef95fe63d131fb462344744ebbdb2b099N.exe"C:\Users\Admin\AppData\Local\Temp\de05147333ab7ae47dc402c2f078813ef95fe63d131fb462344744ebbdb2b099N.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\downloader\downloader\MM.exe"C:\Program Files (x86)\downloader\downloader\MM.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {29dfdaf6-2655-4d7d-9dae-112ce811cf33};C:\Program Files (x86)\downloader\downloader\MM.exe;26203⤵
- Blocklisted process makes network request
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/1S4sr7.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD56b52cf2dba777eae7dd294bd44d7d172
SHA1cf8a368015f073e0f42ee74ecdbe14cb5fcc3508
SHA256e108522b78f3f69a8abedea3681b42a4efa9ebedb2999b737a1aad164a3664de
SHA512f19dadfc92f1d97f755b5534cd3b1369dc0790d1f0557677755e2ccae7dd384728f7b329006785b2b77eb11f14dc09fa62a893ce520b11ed97ff442b9efa9949
-
Filesize
342B
MD52ad992ef3d13374ffb6e5545dea28442
SHA183a2f6c9319fe4863b1ac21c52059a74f076d40c
SHA2569e75dcffc39acd1228ed41677bea98e7e7cb112af5969342e124f9d10edee69a
SHA5120a2396e051f3e7cf5b6e48d390da0441b9e00216459ae219cb77fc6590ae5297a0d32b0a553e25a3cc77b2325bf96a98168d8b6a7ca902cad92c9c52425a5b00
-
Filesize
342B
MD54430b262e0f3aaf49453651f66049e8d
SHA16cf9ace4cedd229758776fa61d1ff3bdca5b8bee
SHA256fbd4977713ac414d6da1c85d6b5f9c480ad10a1503a8326410a1505535bf79d5
SHA512d943a1bb86067402c111665d382b2caa86b997135680dbd5afc05d02db38605fae8923f1974279c8fcda908b49a311ee1d6d84012add44e6d5a0a8fd325d14f0
-
Filesize
342B
MD5b637a3553e4b13460aabd5972a8e3d83
SHA14986275009db64ddf3de0ea92a92b1c133dcb5e1
SHA25612943cc371bd1e38cb20699cb143a1ca6dbad62b88bc757880378afcfa74b01e
SHA512dfe52f0c3fc4f08af1f80a00a99a0ff1379f9edde761eb85012a94c1f01799faae414886177c9c643aba774b5ae3f354de8736d72e0499cb22ccf93900482ec1
-
Filesize
342B
MD5b7b0f3970651e98fcdf07732c0454130
SHA12cb89d2d7c8e5b5780a6ee0dda78d752a9f4c95c
SHA2562f196fdb0b2c6754555b395e82ff7d4a6547ef1bdff05b5698e99adc8907ac7a
SHA512b831b3ede7fe8bb3d1b159039725f9cdde8afe5b1896a51f8336e46809d856f8da43bc9491292767a2ffce011ce5d9913617a5d9f9b8fe6c52509ad520044929
-
Filesize
342B
MD5bcaa98b002aff24c65e3eba9b0f3762d
SHA12910207653de0646ce66e2e8a94ef98413e9e1f6
SHA256b8412c72cb37a4656f58018caad93ffb73235d17851fca9e7bd7f8c65dce29c1
SHA51231384872ecb71f4324143c88cb508fa346898775129715dacc5cc73a89ebc72ed92a9c170624d064fac4d06be462844bafcc61a8b01ab3628d72780fce074cda
-
Filesize
342B
MD5b87f625eac51789897d0584f0c8fcf52
SHA117a192b869b738f6acb1d1e6225e19c91f5f6c91
SHA25698f9d988c58fadace78e743357ae2adc6fbb80d64fb8f581cdb1eb791c2e24aa
SHA512e3c13429a6acb0f4b6bb79801bb6857244a1c0ca3934dae5ce2ff219544a916ad9d1557afa3a9251034d5deb5bc5a54b512f3b9dc6d1384964385e5cbd58cb70
-
Filesize
342B
MD5e6744a562f6a13ff16e4a7be840ca510
SHA1d3d41c82fcaa19c6722c58478f8657eb64f13979
SHA256d338215ab2564f038d45bdf483bf888d582f039d7ce7f49ef3270137a7d1dbeb
SHA512d60bb851ec1232cf28059fb87e1e3ef77562d3437e7bc30cc305ec65bc7db9138f1cd24fcfdc3c75aafd7280929a7c2afb53953b395460539fce215589d62dcd
-
Filesize
342B
MD5c4b9ac5f8eb6e74feb7d72f6d29e4795
SHA1abbf540b95a7f620e30f324387c006fc0aefca16
SHA256cc2bd9ed667e129af783e8b9eeda0223b5c8eca9e9369ddd4c14539fbc42c2c6
SHA512c2bdf86e08aa99b58f666c56daf6fc5a56b7e39b6700d4df2bf5059a130cde6104b3622a45e30409666412b61cea1519b9383a704970ab6dc9525d06bee706a0
-
Filesize
342B
MD579663753fbdcde3b3e77bc7f8bec83a6
SHA1c219c98ad503103bc6c5bb53b535d85e4d02bd36
SHA2566b6bbb393985e550f5277828985f932926a2e7cb458e94ce2681452e3ca8845a
SHA5127cb7d9272cd695b0d8dbde9ce07d91c15c1f7ebfe01916e9b93fca238cc39b3a4f12a1ccb6af2d2d199bb5cfd86e5957e09ac0e50f1cb84fbaca682fc3729d01
-
Filesize
342B
MD59e7ecbf0430df060bcbac059e8f9d04d
SHA1fc3539e803957b15acba50283d7f257554629246
SHA2565c29f32e67fe5cea08acd48e6c7e38c5ad44ed57d6e2243a183064bf285572a0
SHA512ecde97bc8702e58e49ef1a843077f8daf889827b2d4654597aa7608df4324f328eb48f07c1eec59867a086ac654cec7cfc7875cbdbdf5eafc4660d812c59cad5
-
Filesize
342B
MD504f6e29b8b518436724105c0577cfec5
SHA11f34c9cbfbc02a655c944395723d7f5d72b8ccdf
SHA256787865ec93e75ad9c87de47d732c479e0db70ea40aee9410308267406b6f6f6e
SHA5121c1b07bb87cc21b9911ee7d80c52be57a8084eaf9de5c7b6073baa1b3f6981dad18a177bd10ef88465d80bc9c7fb4359525e3a84bf730191cfa6241a28caadee
-
Filesize
342B
MD5a4b20325d08eedc74fb150712236ab06
SHA1c290c5b25e457bef74874869a7f1d04a1f5c3bd7
SHA256266099617bd97645379835c3f0f15a0c735709078ac4c267c0cd469065d620c0
SHA512def9aead0acbde3675470cc5f678a559dc224b29b1686c8a65b0ef7214f2f4dc6ac640062f007963e078bda5ba6d25aa19a7df789d1099fc4bdf1818c197b981
-
Filesize
342B
MD5d44cd090b79504a99a10ccc216a6472d
SHA1e3e0f8837cc029e16c2e18e49dcb2f6cea7e4c54
SHA2569e824932a1d58a30a11cea614b0348cfdfbbbe8d404af06d6f58ff87dc544453
SHA512ec26dc329b539e033592fb7be9223d1cc5563980e858435620f8d9ce522f8eae0b79b437df11801536415a11ff274fbdc2edea95248bddb22a4c86469c9b4a03
-
Filesize
342B
MD551e1b8742c9157cabe874f8a58adbb50
SHA10af741d0e0d96856b41b93a8bd0219096662649b
SHA2568741d68270862086ac27424c8c826a2b52bf9f876674bb8a61b6bfd789349080
SHA512b6bd8aaf41f8d46c91284c8dc950d4b378aa15cbe21b6fa2bf549b17e066fd1df0d2adafd1b0af6d201020c25d34a50392b8c05e5aa022ebcf0ac591f986e360
-
Filesize
342B
MD50efc8791880b12e35771a8511ff79ee7
SHA16ac1e72ba8d1ce9bccc20cd6cd3b4fd769fb9f3f
SHA2566e8453f03e2da4c15138110fe9b29879987efd80b41b681b2d26c44b98684ed9
SHA512cda628c533b6b5635f9799ef2556345c54074119a783afd04f9df4e383061f456d6c861e2630dac50c37f894a293bb4bb1e60bbc10fe3d18bc23e4a52115afba
-
Filesize
342B
MD5911a8f1dacf98843487dcb5d1ec0ae3b
SHA17acaa64153f425719a0ed47a347733fef67eb102
SHA256cb2e7a2b2c2913f2484681e5a0344992143c916b267c95a63425c096b1934df7
SHA512d9c74b25af46f3e7512b6a8c2792093db4f8557f8efe9b2b9278b30e150915ad984bfb5c2f54a07856c9db435fe784370d284264148dc098afbbb2d84a541ab8
-
Filesize
342B
MD56711d8db3315ca6ed0b65ccb9ef0480e
SHA18e18b43a3290fd7872d756b279030215a299503f
SHA2567645535112882bd9add053562afc23ebc9f08993fb5cc9b17a69269124c57154
SHA51227ed5b6a528f5912904828303aae44d3ddff5897c472b139e8de47ca34d1c39d265a14475173e1959b12b469668a4eddb1fb14b0bd05b9330d1986cf780df847
-
Filesize
342B
MD5017bf87e68474a7abdc3e389164572bb
SHA170490dd034fcadb898cd5b2f14e3a36eae1039cb
SHA2567d2106f61454346bb14eee1172df868d47baebe8ba3340bf0c519c53f76fbd99
SHA51211adbb847163600382624380c1c382fb9c314e082ce6e76cd54de7d10a5f437b91c023d694dc1bfa59b269f3e2f9b780548f384515aaae1b61dade989627bb3b
-
Filesize
342B
MD5a24f35298e1d3f35d9863c95bebb987f
SHA1a800b0d5d1bf22061d2b4a5c73fe242c6870ebb2
SHA256092b6d0b68baa7660953617b540f556529aa51c28986529133a6ac6721f7d431
SHA51294fd85f3a5ce2c7c6b75eb42c93d4e79afc3d038fd4b4e58a84fbc1bd3be3ceec096c30374f3a1a73488258e7e5c064e2659846b86e214270bafee91fd8016bb
-
Filesize
242B
MD54c2032908e9cec089b36f71601137762
SHA197ba3c54cd957237e723efb5834919dc02394950
SHA256c4b9db59dc937dd23bdfbba884095f8aa1eaa531111946aed20e193d800f7add
SHA51207e7c591d30b76c84bd4b9c3cd2cec53264a1ca1764dd5cd9cac8f8c090bad1e8f140b1677acbbd5aa0c4a4168a7977ad601d1a0a226e8fc8796a4bd718a225f
-
Filesize
2KB
MD58826c40ecc6bc54f0d8df44ee9e443e7
SHA1f140b9ddeec16489960baf760c24a92210e7f5dc
SHA25698c145fb5ca48cc58db7e63b3e8302e4e7c8a69b3d9877c363dab5476d05592b
SHA512767b439a5368b804caed6932f00ae2c23e5e433265b904b177afa4f63c0be94193fe5c05b091b345eaef4b2f08b46435a0e36366d9ae983075bed033979a4d96
-
Filesize
2KB
MD518c023bc439b446f91bf942270882422
SHA1768d59e3085976dba252232a65a4af562675f782
SHA256e0e71acef1efbfab69a1a60cd8fadded948d0e47a0a27c59a0be7033f6a84482
SHA512a95ad7b48596bc0af23d05d1e58681e5d65e707247f96c5bc088880f4525312a1834a89615a0e33aea6b066793088a193ec29b5c96ea216f531c443487ae0735
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
653KB
MD558f06cad4c804366565de62ec9fde918
SHA1aaa10511e2244e3cd1432fe402f4a0f2d457c7b7
SHA256193b3023b3665a5054f4fc7ff11c6c80f2f1569e8b1f66e8df0f2ca404d0cc72
SHA5120502e5bd59d5b13c0b4dd552eed9d082aa724d78bc784ac56e7a18fa5d8446e689187f8f17fd807d6332723a01b9e3889a63697c194f817914c97568b7445214
-
Filesize
204KB
-
Filesize
49.4MB
-
Filesize
49.4MB
