Behavioral task
behavioral1
Sample
2340-365-0x0000000000400000-0x000000000046C000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2340-365-0x0000000000400000-0x000000000046C000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
2340-365-0x0000000000400000-0x000000000046C000-memory.dmp
-
Size
432KB
-
MD5
c7dd4b9a0a1fc26b0e14f2dae861dc9b
-
SHA1
7e22f1256c978952ab4e7a2603182b6ef044360b
-
SHA256
89c833cde817980c6f403cd80be3103f171534ae75f5dec3d2f161666351f2bb
-
SHA512
a2fa20bb4b8732c195497f6dd32252567f96b17610d1e46bb4973ec5d79e1768b2229d266b096a3478d49ae31fff366cbd91151a46f6ef898133fcda71a85ff0
-
SSDEEP
6144:cDZmBlZ87p0vRhZ/u8AfjVO0M9qm9YzYTjOYRGXhMNJ9M:cDZmBi0BA7g0Wqm9YGjOYRGabM
Malware Config
Extracted
vidar
3.4
623db25256a5734d1207787d269d05b2
https://steamcommunity.com/profiles/76561199494593681
https://t.me/auftriebs
-
profile_id_v2
623db25256a5734d1207787d269d05b2
-
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0
Signatures
-
Vidar family
Files
-
2340-365-0x0000000000400000-0x000000000046C000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ