General

  • Target

    948-55-0x0000000000400000-0x0000000000520000-memory.dmp

  • Size

    1.1MB

  • MD5

    e16f0750039b579b848848e1e1652bec

  • SHA1

    1a143f5dd33f90cf0ee75c238bc5197114ffab9d

  • SHA256

    fa541f8177d656fcf649444537b58eaff9b6097142f5c1439728e98a720e8790

  • SHA512

    4843a9f2c67fb02288670faabe0fdb6ce0dc33e764df5bfdf6af8c3e4825b3eac9256e4929eede449d6d1394758000476845e69288aa0188c2f520d53dc07734

  • SSDEEP

    12288:n0Ht9Tp+l0EqE1can/HVk0bXr5OjRPXSvvhkpoPX3/9:k7TEKScWy0bXrwjR/ukpoPl

Score
10/10

Malware Config

Extracted

Family

vidar

Version

9

Botnet

237

C2

http://hotticketsale.com/

Attributes
  • profile_id

    237

Signatures

  • Vidar Stealer (1 IoC)
  • Vidar family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 948-55-0x0000000000400000-0x0000000000520000-memory.dmp
    .exe windows x86

