General

  • Target

    1580-56-0x0000000000400000-0x00000000009C4000-memory.dmp

  • Size

    5.8MB

  • MD5

    ae5a7ea596b6cbf7b59a0b662cfa0a26

  • SHA1

    d1f6f6949f97ad1d7eba5ca5262dd8e124a44cdc

  • SHA256

    e052491c86ad91d98f567ef78c31669fa7fd3efde96a666233790edcd3b135ca

  • SHA512

    e653002a2227a4f8e13c6fbd2afcd60c17c0b820970a15943b745550cfc76b55f53956f0527d71b9b258b421b4df5945218393bbfe5108c8ad5f6c742707c925

  • SSDEEP

    98304:bVlelZAbN6p2tiCeD9cnjBINDNeqD1P6IbUUJbLsTF8HLUh7:buEEao9cmNf1lo2UFp

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

e7e09acfdc34dcd90c788fb37ce30c63

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

  • profile_id_v2

    e7e09acfdc34dcd90c788fb37ce30c63

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

  • Vidar family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1580-56-0x0000000000400000-0x00000000009C4000-memory.dmp
    .exe windows x86
