General

  • Target

    2044-54-0x00000000003C0000-0x00000000009E7000-memory.dmp

  • Size

    6.2MB

  • MD5

    c704e23fecad2043aabd7367b113df9e

  • SHA1

    a384d7ee22e2eb7441a796cef384bdc1e208a78d

  • SHA256

    906126ea00df5586b8cce4da5347ab9fd081b245b26ec592da822e42fef67a95

  • SHA512

    8e75390f8700bd7e5528fb8c3b1a706a15d8048fff1cfa938de71431e08f262b6a5519d0b8de708dbb81c83b7e4d35458f33054f691706f0120fe87641f304d3

  • SSDEEP

    98304:qlVVTikfONDUwBO5EUftelV9oSzd02elyHdUzT0elFEJmZ3ksgPtcTTtig+9B9Q:eV9jfUatqVWSm/yHd84eN9g6

Malware Config

Extracted

Family

vidar

Version

3.8

Botnet

bc730fff484789f7a109d0ff3ef71135

C2

https://steamcommunity.com/profiles/76561198272578552

https://t.me/libpcre

Attributes
  • profile_id_v2

    bc730fff484789f7a109d0ff3ef71135

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7
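
The extracted C2 URLs and user agent above are the indicators a responder would take from this report into proxy or web-gateway logs. The following is an added example, not part of the sandbox report: it parses constructed proxy log lines (not captured traffic) and flags requests that hit either C2 URL exactly or present the configured user agent. Because both C2 entries are public pages on widely visited hosts, the match is on the normalized full URL, never on the host alone; a user-agent-only hit is reported separately as the weaker signal. The log format and the `hunt`/`summarize_by_source` helpers are assumptions for this example.

```python
"""Hunt for the Vidar C2 URLs and user agent from the extracted config
in proxy logs. Added example; log lines are constructed, not real."""
import shlex
from urllib.parse import urlsplit

# Indicators copied verbatim from the extracted config.
C2_URLS = [
    "https://steamcommunity.com/profiles/76561198272578552",
    "https://t.me/libpcre",
]
USER_AGENT = ("Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7")

# Constructed sample log (assumed format): time src method url "user-agent".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561198272578552?l=english "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7"
2024-01-01T10:00:02Z 10.0.0.7 GET https://steamcommunity.com/app/730 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"
2024-01-01T10:00:03Z 10.0.0.5 GET https://t.me/libpcre/ "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7"
2024-01-01T10:00:04Z 10.0.0.9 POST https://example.com/upload "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7"
"""


def normalize_url(url):
    """Lower-case scheme and host, drop query/fragment and trailing slash,
    so tracking parameters or a trailing '/' do not defeat an exact match."""
    p = urlsplit(url)
    path = p.path.rstrip("/") or "/"
    return f"{p.scheme.lower()}://{p.netloc.lower()}{path}"


C2_NORMALIZED = {normalize_url(u) for u in C2_URLS}


def parse_line(line):
    """Split one log line; shlex keeps the quoted user agent as one token."""
    ts, src, method, url, ua = shlex.split(line)
    return {"ts": ts, "src": src, "method": method, "url": url, "ua": ua}


def hunt(log_text):
    """Return one hit per line that matches a C2 URL and/or the user agent.
    The exact-URL match is the strong signal; the user agent alone is weak,
    since any browser presenting that string would also match."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = []
        if normalize_url(rec["url"]) in C2_NORMALIZED:
            reasons.append("c2_url")
        if rec["ua"] == USER_AGENT:
            reasons.append("user_agent")
        if reasons:
            hits.append({"src": rec["src"], "url": normalize_url(rec["url"]),
                         "reasons": reasons})
    return hits


def summarize_by_source(hits):
    """Count hits per source address to see which host to pull for triage."""
    counts = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h["src"], ",".join(h["reasons"]), h["url"])
    print(summarize_by_source(hunt(SAMPLE_LOG)))
```

Run against real logs by replacing `SAMPLE_LOG` with the file contents; the only format assumption is the five-field line with a quoted user agent, so adapt `parse_line` to your gateway's layout.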

Signatures

  • Vidar family
  • VMProtect packed file (1 IoC)

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
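
The two PE signatures above can be reproduced from the headers alone. The following is an added example, not the sandbox's own detection code: a minimal PE header parser (standard library only) that reads the section table and the Security data directory, flags the VMProtect section names `.vmp0`/`.vmp1`/`.vmp2` as the packer heuristic (an assumption about what the signature keys on; VMProtect can be configured to use other names), and reports the file as unsigned when the certificate-table directory entry is empty. The sample PE it scans is constructed in code. Two caveats a practitioner would want: a present certificate table only means the file carries a signature blob, not that the signature verifies, and in a memory dump like this one the headers are mapped but the certificate overlay is not, so treat the result as a header-level heuristic and confirm against the on-disk sample.

```python
"""Header-only PE checks matching the 'VMProtect packed file' and
'Unsigned PE' signatures. Added example with a constructed test PE."""
import struct
import sys

# Section names VMProtect emits by default (assumed heuristic, not a proof).
VMPROTECT_SECTIONS = {".vmp0", ".vmp1", ".vmp2"}
SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY


def parse_pe(data):
    """Return arch, section names and the Security directory (offset, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start at offset 96
        arch, dd_off = "x86", 96
    elif magic == 0x20B:        # PE32+: data directories start at offset 112
        arch, dd_off = "x64", 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_dir = struct.unpack_from("<II", data, opt + dd_off + SECURITY_DIR_INDEX * 8)
    sec_hdr = opt + opt_size
    names = []
    for i in range(nsec):
        raw = data[sec_hdr + i * 40: sec_hdr + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {"arch": arch, "sections": names, "security_dir": sec_dir}


def scan(data):
    """Evaluate the two signatures on a PE image or a dumped image region."""
    info = parse_pe(data)
    return {
        "arch": info["arch"],
        "sections": info["sections"],
        "vmprotect_packed": any(n in VMPROTECT_SECTIONS for n in info["sections"]),
        # Size 0 means no certificate table was ever attached to this file.
        "unsigned_pe": info["security_dir"][1] == 0,
    }


def build_test_pe(section_names, signed):
    """Constructed minimal PE32 (headers only) for the example; not a real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                   # PE32 with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    if signed:
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, 0x1000, 0x800)
    secs = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    if len(sys.argv) > 1:        # e.g. the memory dump, if the region starts at MZ
        with open(sys.argv[1], "rb") as f:
            print(scan(f.read()))
    else:
        print(scan(build_test_pe([".text", ".vmp0", ".vmp1"], signed=False)))
```

Pointed at the dump named in the Files entry, `scan` reports the same `x86` the report lists; the section names it prints are the quickest way to see whether the packer heuristic fired on `.vmp*` names or on nothing at all.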

Files

  • 2044-54-0x00000000003C0000-0x00000000009E7000-memory.dmp
    .exe windows x86
