Behavioral task
behavioral1
Sample
1916-103-0x0000000000400000-0x000000000046A000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1916-103-0x0000000000400000-0x000000000046A000-memory.exe
Resource
win10v2004-20230221-en
General
-
Target
1916-103-0x0000000000400000-0x000000000046A000-memory.dmp
-
Size
424KB
-
MD5
97c9c3a18ece5922bcfa773dc2313593
-
SHA1
249000d1ec8684a7cb3140286188c14795def57d
-
SHA256
f1fdb9fb9381211639ab1f8b1edf8ddedb119320afaa55a557dfe59587af0457
-
SHA512
7e56e39241fa440f1be08a1641bd53a58c8f3f8d2771f7144805f2153102f80606caabc619d4148b548d4a8deacda67170740007245998f0081631918d7e9d49
-
SSDEEP
6144:UtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTV10dhh:UtUGfVwUFzRG6EQ0POfiTTL0d
Malware Config
Extracted
vidar
4.2
655d9e590e95375f4ab0b3055662ab2e
https://steamcommunity.com/profiles/76561199511129510
https://t.me/rechnungsbetrag
-
profile_id_v2
655d9e590e95375f4ab0b3055662ab2e
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1916-103-0x0000000000400000-0x000000000046A000-memory.dmp
Files
-
1916-103-0x0000000000400000-0x000000000046A000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ