Behavioral task
behavioral1
Sample
4960-274-0x0000000000400000-0x000000000046C000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
4960-274-0x0000000000400000-0x000000000046C000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
4960-274-0x0000000000400000-0x000000000046C000-memory.dmp
-
Size
432KB
-
MD5
4ea35920aa487c92eeebf3211f402d07
-
SHA1
d9245080ba2ba9eabc9a18b4c3ec9887db898946
-
SHA256
b9b624c49ea14ae2537b3b942004f6a00c4277d109364392a7e80c73bf0ec51a
-
SHA512
08f6bb47081d9502abb3d8aa08e0e8ebcab1d14ce2f100a13cbaf09c96035ba194266ce020ac730842b619f1fb02848aa3c72c43607e3c6467ecb15538004574
-
SSDEEP
6144:cuQRHexo0nwlQvG4IyynVKzVKJ5/eRFHVmGiw/9o0wVEhKhhLa:cuQRHexo0n24zVK32RRVmGiCwVbh9
Malware Config
Extracted
vidar
3.1
00d92484c9b27bc8482a2cc94cacc508
https://steamcommunity.com/profiles/76561199472266392
https://t.me/tabootalks
http://135.181.26.183:80
-
profile_id_v2
00d92484c9b27bc8482a2cc94cacc508
Signatures
-
Vidar family
Files
-
4960-274-0x0000000000400000-0x000000000046C000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ