General

  • Target

    1916-103-0x0000000000400000-0x000000000046A000-memory.dmp

  • Size

    424KB

  • MD5

    97c9c3a18ece5922bcfa773dc2313593

  • SHA1

    249000d1ec8684a7cb3140286188c14795def57d

  • SHA256

    f1fdb9fb9381211639ab1f8b1edf8ddedb119320afaa55a557dfe59587af0457

  • SHA512

    7e56e39241fa440f1be08a1641bd53a58c8f3f8d2771f7144805f2153102f80606caabc619d4148b548d4a8deacda67170740007245998f0081631918d7e9d49

  • SSDEEP

    6144:UtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTV10dhh:UtUGfVwUFzRG6EQ0POfiTTL0d

Malware Config

Extracted

  • Family

    vidar

  • Version

    4.2

  • Botnet

    655d9e590e95375f4ab0b3055662ab2e

  • C2

    https://steamcommunity.com/profiles/76561199511129510

    https://t.me/rechnungsbetrag

Attributes

  • profile_id_v2

    655d9e590e95375f4ab0b3055662ab2e

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1916-103-0x0000000000400000-0x000000000046A000-memory.dmp
    .exe windows x86
