General

  • Target

    samples.zip

  • Size

    169KB

  • MD5

    2fe43ee3e23d4b85c64957a0f5b416bf

  • SHA1

    1e6bd0de24c90fca28ba3bba97a8ef00c50d52f9

  • SHA256

    ae3d42fc9363773bf7c71b477c65294b8c66290b9d31c6e3d55207515b421b98

  • SHA512

    7447e3465e4679252227f37cbb16e13475cf6269a879f5f89025b5651c9a3834db3aa4ec01d9ef05e69d98b69b0639689d998d26079132720b3a9bbc3d0277b7

  • SSDEEP

    3072:Ae2jVnJArHtJQvwzRN6snKOkELY7ra1P5d3vrvLV9Kn8uAKIZIw9JM0Q85hCVEK:Ae2xne3cwzRN9nKOnY7rahDxdIw754n

Malware Config

Extracted

  • Family

    vidar

  • Version

    3.7

  • Botnet

    4148a04e73d68a34036f16a82c1d1a47

  • C2

    https://steamcommunity.com/profiles/76561199501059503

    https://t.me/mastersbots

Attributes
  • profile_id_v2

    4148a04e73d68a34036f16a82c1d1a47

  • user_agent

    Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • samples.zip
    .zip

    Password: infected

  • 4048932d4dd40d514feb87a71121e4fb9008fad2bead806f1f050fc797eb9baf
    .exe windows x86

    1276e2ced93ad6d3cbd7f74318530239
