vidar | 1284-134-0x0000000000400000-0x0000000000467000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1284-134-0...ry.exe

windows7-x64

3

1284-134-0...ry.exe

windows10-2004-x64

1

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1284-134-0x0000000000400000-0x0000000000467000-memory.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1284-134-0x0000000000400000-0x0000000000467000-memory.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1284-134-0x0000000000400000-0x0000000000467000-memory.dmp
Size

412KB
MD5

86ed3179a80b7a02b4b5679768869ac7
SHA1

22e602129fdec01f750cff567e041c1020155345
SHA256

7c5f04efc166ecbb0c4144d18df017f549303d70cba8400fe8844bd44a7ca579
SHA512

72b25734e0475947fdeda4778a83c3f7130b384ff25075bd414d3ff74ee85f7a9a4c537a6a71e1a883ab6d4bc5e15304dd0fb99b417fe79062c7d6be0ab880bc
SSDEEP

12288:s4FZhcUoSSwu5To90UUkBCbXs1i7YxKRUiV6a:TQUUkM3YIn6a

Score

10^/10

1679 vidar

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1679

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1679

Signatures

Vidar family
vidar

Files

1284-134-0x0000000000400000-0x0000000000467000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy