General
-
Target
164-447-0x0000000000400000-0x0000000000472000-memory.dmp
-
Size
456KB
-
MD5
0a7ac827b19664eb455d96a67b882a97
-
SHA1
d1888ec496ac80c9983cea33ba51e345aad74144
-
SHA256
9a559e0a106ed7d1e973e8dbee38ee4160ad10769eca0df9ce745897d60a0bfc
-
SHA512
7ac7e5162e9a80508eedbbe50f407ba497b43bf444f746a2620332170965f6b8aff286f41ef38b7b2b864f74ae6eb5e40adc4e7848808828a827a9f44d920238
-
SSDEEP
6144:SbbD2RXh9KD7EvVkr0evEcZ7/CUqjfgQlVumrwVRXLBchXfovcW:SbuRX6D7ENiKUqDgYumrIRXLBfN
Score
10/10
Malware Config
Extracted
Family
vidar
Version
3.6
Botnet
acfe5a66e11e3bf64369ac07af193354
C2
https://steamcommunity.com/profiles/76561199499188534
https://t.me/nutalse
Attributes
-
profile_id_v2
acfe5a66e11e3bf64369ac07af193354
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
164-447-0x0000000000400000-0x0000000000472000-memory.dmp
Headers
Sections