General

  • Target

    1832-62-0x0000000000400000-0x000000000046A000-memory.dmp

  • Size

    424KB

  • MD5

    c5e4decd51f4800edebc43aa00f1321d

  • SHA1

    e09172fd288d826f5e98f516d2e281da02dddd41

  • SHA256

    88aa3bcd5cea5b4d1edf23f07229a11dd9e476e9dca6175633c478d4c9d314c9

  • SHA512

    125cdb740a6b5298bb5fb021f57d0caf9cc00b01760c4e4ce6a3056b2c2e3ac94c3f34d292d71f292e88d04e787ce2081e24b3f64676d799d1065cf4c59912d7

  • SSDEEP

    6144:y9XMgWCxEV+JM6FhWbkQm8GEPkiU23dSFAiDD1TsuhTEAZ:iMgWCxzJMvzGKki/3giiDBTs4

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

3a85713b3d5d1b920c3b568392c6a89a

C2

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag

Attributes
  • profile_id_v2

    3a85713b3d5d1b920c3b568392c6a89a

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75
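The two C2 entries above are not the final collection server: they are a Steam profile and a Telegram channel used as dead-drop resolvers, and the User-Agent is a fixed Chrome 75-era string hard-coded in the sample's config. Both indicators are cheap to hunt for in web-proxy logs. The following detection helper is an added example, not part of the sandbox report or the Vidar sample; the log format and the log lines in SAMPLE_LOG are constructed for illustration, and the C2 URLs and User-Agent are copied verbatim from the extracted config.

```python
"""Match proxy log lines against the C2 URLs and User-Agent from the
extracted Vidar config (added example; log format is an assumption)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
VIDAR_C2 = [
    "https://steamcommunity.com/profiles/76561199511129510",
    "https://t.me/rechnungsbetrag",
]
VIDAR_UA = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75")

# Constructed log layout (assumption): <ts> <src_ip> <method> <url> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$')


@dataclass
class Hit:
    ts: str
    src: str
    url: str
    reasons: tuple


def _norm(url):
    """Compare on host + path only; ignore scheme case and trailing slash."""
    p = urlsplit(url)
    return p.netloc.lower(), p.path.rstrip("/")


C2_KEYS = {_norm(u) for u in VIDAR_C2}


def classify(line):
    """Return a Hit if the line matches a C2 URL and/or the config UA, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if _norm(m["url"]) in C2_KEYS:
        reasons.append("c2_url")
    if m["ua"] == VIDAR_UA:
        reasons.append("vidar_ua")
    if not reasons:
        return None
    return Hit(m["ts"], m["src"], m["url"], tuple(reasons))


def severity(hit):
    """Dead-drop hosts are legitimate services, so a URL hit alone is only
    medium confidence; URL plus the hard-coded UA is high."""
    return "high" if len(hit.reasons) == 2 else "medium"


def scan(lines):
    return [h for h in (classify(l) for l in lines) if h]


# Constructed sample log lines for illustration.
SAMPLE_LOG = [
    '2024-01-01T10:00:00Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561199511129510 "%s"' % VIDAR_UA,
    '2024-01-01T10:00:01Z 10.0.0.5 GET https://t.me/rechnungsbetrag "%s"' % VIDAR_UA,
    '2024-01-01T10:00:02Z 10.0.0.7 GET https://steamcommunity.com/profiles/76561199511129510/ "Mozilla/5.0 (X11; Linux) Firefox/120.0"',
    '2024-01-01T10:00:03Z 10.0.0.9 GET https://example.com/ "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(severity(h), h.src, h.url, h.reasons)
```

Matching on the exact User-Agent string is the stronger signal: a user browsing a Steam profile produces a URL hit from a normal browser UA, whereas the sample sends this one fixed string on every request. Expect the dead-drop identifiers to be rotated between builds; the profile_id_v2 / botnet value ties a given config to its C2 pair.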

Signatures

  • Vidar family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
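The "Unsigned PE" signature reduces to reading the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) of the optional header: an Authenticode-signed file has a nonzero entry pointing at a WIN_CERTIFICATE table appended to the file as an overlay. The check below is an added example that reimplements that test by hand with struct; it is not the sandbox's own detector, and make_minimal_pe() constructs a throwaway PE32 header for illustration. One caveat that matters for this report: the target is a dumped memory region, and the certificate overlay is never mapped into the process, so on a dump the directory entry either is empty or points outside the dumped bytes. The function treats both as "unsigned", which is the conservative reading but is not proof that the on-disk file carried no signature. Presence of the table also says nothing about validity; that needs PKCS#7 and chain verification (for example Get-AuthenticodeSignature or signtool verify).

```python
"""Detect whether a PE image carries an Authenticode signature table
(added example reimplementing the 'Unsigned PE' check)."""
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def security_directory(data):
    """Return (file_offset, size) of the security directory, (0, 0) if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dir_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dir_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    if n_dirs <= SECURITY_DIR_INDEX or size_opt < dir_off + 8 * (SECURITY_DIR_INDEX + 1):
        return (0, 0)
    return struct.unpack_from("<II", data, opt + dir_off + 8 * SECURITY_DIR_INDEX)


def has_authenticode(data):
    """True only if the directory is set and the table lies inside the bytes.
    The entry is a raw file offset, not an RVA, so a memory dump or a
    truncated file yields a dangling pointer and is reported as unsigned."""
    off, size = security_directory(data)
    return size > 0 and off + size <= len(data)


def make_minimal_pe(signed):
    """Constructed PE32 header (no sections) with an optional dummy
    WIN_CERTIFICATE overlay; for illustration only, not a loadable image."""
    opt = bytearray(96 + 8 * 16)             # PE32 optional header + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)    # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    headers_len = 0x40 + 4 + 20 + len(opt)
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType
        # (0x0002 = PKCS_SIGNED_DATA), bCertificate (dummy 4 bytes)
        cert = struct.pack("<IHH", 8 + 4, 0x0200, 0x0002) + b"\0" * 4
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, headers_len, len(cert))
    else:
        cert = b""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    # Machine=i386, 0 sections, SizeOfOptionalHeader, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    print("signed image   ->", has_authenticode(make_minimal_pe(True)))
    print("unsigned image ->", has_authenticode(make_minimal_pe(False)))
```

Run it against the original dropper on disk rather than the memory dump whenever you have it; for the dump, the more useful question is what the 0x400000 to 0x46A000 region contains, which this check does not answer.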

Files

  • 1832-62-0x0000000000400000-0x000000000046A000-memory.dmp
    .exe windows x86