General

  • Target

    888-168-0x0000000000400000-0x0000000002388000-memory.dmp

  • Size

    31.5MB

  • MD5

    fcdf06aacec61f373664dc565c2f0baf

  • SHA1

    e6aa601e4197295385edb9468f6597c3574faa41

  • SHA256

    cc304451415c5235b3b90694206db7d919365849cfe2e70a346648c2e2d249c3

  • SHA512

    dbb65ad9ced79b0577895f116535aa76bd5deaa4f5bf10f787ada6a918dc145c8dcf7780a0cdf77ac0e9e2f03f5c9a22af94f1ba1830e12ce97ccc06625a028d

  • SSDEEP

    6144:uua5z4XeLqMVc2Uc1ax/QfTyuAlHKdlJZ0KAah6wu2AiEyvFRuQYI:uV5z4XPMPA/QryvodlJZ0KATyFRu+

Malware Config

Extracted

  • Family

    vidar

  • Version

    3.8

  • Botnet

    cdb48fb567690db37648afd4e1d83137

  • C2

    https://steamcommunity.com/profiles/76561198272578552
    https://t.me/libpcre

Attributes

  • profile_id_v2

    cdb48fb567690db37648afd4e1d83137

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 888-168-0x0000000000400000-0x0000000002388000-memory.dmp
    .exe windows x86
