General
-
Target
1304-148-0x0000000000400000-0x00000000006A8000-memory.dmp
-
Size
2.7MB
-
MD5
d2caac745b4e01c274407fea3aca1722
-
SHA1
98c6b24dbbdd9ef5cf39204589a133704f0d13fb
-
SHA256
3271216e21517f4756cc6465c6fe0247aed73368ffbbf1b21bb1d00cb512a7f9
-
SHA512
87b21f6d2ae9ceaff5783f726e6669244e5fff095ae7a69e74cb847776bb2ee4cc132cb4d2a68344122609d42d6cc7891d879ec2da80c71ed90082c39a160fa4
-
SSDEEP
6144:Ye/h0TMPIRSVfGXb195t8v9+uSA9fn1ybNJQFaGB6hV2AirdUZ://hNgMx4t88vkf1CNJQFFBSJ
Score
10/10
Malware Config
Extracted
Family
vidar
Version
4
Botnet
1a17cbbfddb273b0a3e99fb9be4c848a
C2
https://steamcommunity.com/profiles/76561199508624021
https://t.me/looking_glassbot
Attributes
-
profile_id_v2
1a17cbbfddb273b0a3e99fb9be4c848a
-
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1304-148-0x0000000000400000-0x00000000006A8000-memory.dmp
Headers
Sections