General
-
Target
1584-322-0x0000000000400000-0x0000000000472000-memory.dmp
-
Size
456KB
-
MD5
7996fee8de1a01911307816d1ff9a8d5
-
SHA1
3d666fa7a09fe4b5a78d8377a8068a8ed2b65740
-
SHA256
be6acf09e11e6de83d807f6893e7974d62a9a6d1cbf7e704f1adec78cc780d54
-
SHA512
cbef0fc17f16fe449b68dc365a37d1f26bc3fcd1b9bba5ebc3a5875c06518ea7bc80eeb0eaa0452ed9d31892958c73fc66656ff26535cf2292d2e49011ee51ae
-
SSDEEP
6144:WbbD2RXh9KD7EvVkr0evEcZ7/CUqjfgQlVumrSVRXLTchXfT3cW:WbuRX6D7ENiKUqDgYumr6RXLTAN
Score
10/10
Malware Config
Extracted
Family
vidar
Version
3.6
Botnet
5cb879265de0011bfc7588d5d251aee6
C2
https://steamcommunity.com/profiles/76561199499188534
https://t.me/nutalse
Attributes
-
profile_id_v2
5cb879265de0011bfc7588d5d251aee6
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1584-322-0x0000000000400000-0x0000000000472000-memory.dmp
Headers
Sections