Overview

overview

10

Static

static

3

80e578b117...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2025, 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80e578b117395ff1d0605d651e864012.exe

  • Size

    12.8MB

  • MD5

    80e578b117395ff1d0605d651e864012

  • SHA1

    dfc75d28b8a9142432584347bf8ba339f1c36876

  • SHA256

    a63f053082cd425d1713947ed6cb8cec4c1826eeea1c1c664544d9e0473a9b33

  • SHA512

    858748cd193ac82dc57259e12e8a146da257885d25d95a15f4d70c8c14d133e2527458a189a71f4e1b8542802f19036778adea6c1a1ae6b9f80cad6b0be9ec32

  • SSDEEP

    98304:iJQoSAhT7MZdUXdgIUg4RnIc9PiJHsdR7h0GQxMGj8z6Po3jcX:yQongIinX2+hq8z6Q3G

Score
10/10
vidardb4d8ec8cb147b1ab094d0158a4e7dbbdiscoverystealer

Malware Config

Extracted

Family

vidar

Version

12.5

Botnet

db4d8ec8cb147b1ab094d0158a4e7dbb

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80e578b117395ff1d0605d651e864012.exe
    "C:\Users\Admin\AppData\Local\Temp\80e578b117395ff1d0605d651e864012.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4200
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EAO45EME\76561199817305251[1].htm
    Filesize

    34KB

    MD5

    88e7e74bcc166bddc4f5f3b5a81ee944

    SHA1

    3cc17c58139c4006d43a4d50ab65b67abfb963d3

    SHA256

    2d8edca076bcf1afba2fca48bfd29007a5d53c8c0652b964445ee716a6fb93b3

    SHA512

    bccad7c7dbe05b66cbed9b966a62ad9a2a8a55b68fb4d7666a1eefb97d1c0a3c2deef33bffb568cd5a6313e2f06f5654d7e75e201a8bb34b2f289e23ce3f0d3f

    Download Submit

  • memory/4080-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4080-1-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4080-2-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4080-4-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download