General
-
Target
1972-107-0x0000000000400000-0x00000000004BE000-memory.dmp
-
Size
760KB
-
MD5
add201196bdfc854ea3d819881879c41
-
SHA1
e80db221465a5a09185371f926c30fc39eac9b19
-
SHA256
c3a2b583cd3440387c32ccd8fa8af03f943688bdd2e2784a3029b12e358f6e16
-
SHA512
a02bac17d7b98a5c90542092b4d25b2ac0a0c894dbe70acc9ba4aec6a9f2e0ffa6cde4fcaf100706a19e3911570a8e98c845ca3bcaf98c39244e2d5daa811464
-
SSDEEP
6144:GBcgHq3cDh0zuao5sQyAFCx2HI8w1ih3WzqY4hAST2:GegHfDuQLFCYHT2ihzYU2
Score
10/10
Malware Config
Extracted
Family
vidar
Version
4.3
Botnet
e74b5ad2e63124e58425d1fb3ed3cd89
C2
https://steamcommunity.com/profiles/76561199514261168
https://t.me/kamaprimo
Attributes
-
profile_id_v2
e74b5ad2e63124e58425d1fb3ed3cd89
-
user_agent
Mozilla/5.0 (Linux; U; Tizen 2.0; en-us) AppleWebKit/537.1 (KHTML, like Gecko) Mobile TizenBrowser/2.0
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1972-107-0x0000000000400000-0x00000000004BE000-memory.dmp
Headers
Sections