Behavioral task: behavioral1
Sample: 1996-54-0x0000000000FF0000-0x000000000162D000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1996-54-0x0000000000FF0000-0x000000000162D000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 1996-54-0x0000000000FF0000-0x000000000162D000-memory.dmp
Size: 6.2MB
MD5: f4f06c4d3d1cebb39a28c9d65068effb
SHA1: 02e9a036b5746df7841db7c4d0f21f67ddb0f8cf
SHA256: b6b9b931eabadb9330023b4d0d22ac9f91e6923bde12b070d5032c7ae9a394cc
SHA512: 3a8eb13ec4ad1aa19a0f40d6fcf0877005e9182b73c4c9372d9f0c25a27b29a4a5cd70d05106983d114810a41ab1bc4a879a7005783bb80c54a00f9d44b9cad8
SSDEEP: 98304:uyq8UUXLESXPw+WHMJCVMQIvCTjAMzqBA3pR8BG0ZuUwLTtDQCvoZfwfxy/b/:m81XfY88mCHpzqCCBG0bw1DfAKyj
Malware Config
Extracted
vidar
3.1
20f95c4f85151b21c48a8766fbd2d32d
https://steamcommunity.com/profiles/76561199472266392
https://t.me/tabootalks
http://135.181.26.183:80
profile_id_v2: 20f95c4f85151b21c48a8766fbd2d32d
user_agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Signatures
Files
1996-54-0x0000000000FF0000-0x000000000162D000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 135KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ