Overview

overview

10

Static

static

3

80e578b117...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2025, 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80e578b117395ff1d0605d651e864012.exe

  • Size

    12.8MB

  • MD5

    80e578b117395ff1d0605d651e864012

  • SHA1

    dfc75d28b8a9142432584347bf8ba339f1c36876

  • SHA256

    a63f053082cd425d1713947ed6cb8cec4c1826eeea1c1c664544d9e0473a9b33

  • SHA512

    858748cd193ac82dc57259e12e8a146da257885d25d95a15f4d70c8c14d133e2527458a189a71f4e1b8542802f19036778adea6c1a1ae6b9f80cad6b0be9ec32

  • SSDEEP

    98304:iJQoSAhT7MZdUXdgIUg4RnIc9PiJHsdR7h0GQxMGj8z6Po3jcX:yQongIinX2+hq8z6Q3G

Score
10/10
vidardb4d8ec8cb147b1ab094d0158a4e7dbbdiscoverystealer

Malware Config

Extracted

Family

vidar

Version

12.5

Botnet

db4d8ec8cb147b1ab094d0158a4e7dbb

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80e578b117395ff1d0605d651e864012.exe
    "C:\Users\Admin\AppData\Local\Temp\80e578b117395ff1d0605d651e864012.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5540
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\463FIIFI\76561199817305251[1].htm
    Filesize

    34KB

    MD5

    834fa6296c9e02404fa682052e5407fa

    SHA1

    2590f18c48fa2506c5ab26507a9829aa0b808a41

    SHA256

    4a275b23b1410ef7a2d8bec5d115cc5c72219fc375d931db7444e65304c9f91e

    SHA512

    2d7f77fe15b122c3259b8451ec0b8471dab58ffc9d252e1a03d2ca05d72121466fab40cdc71f441766c9c5d298ffefdde2975fcfd81f8c3459af96fced65af56

    Download Submit

  • memory/2756-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2756-1-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2756-2-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2756-4-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download