General

  • Target

    1608-138-0x00000000010A0000-0x0000000001116000-memory.dmp

  • Size

    472KB

  • MD5

    d0b8092f4df6e7a2f98db456c5c010ad

  • SHA1

    962ec0be3b1a1efaf40750fa8956a6975927a719

  • SHA256

    ef44927bffc58d3f90e274d1654dcdb24cfe78dabac2e4ce28a798ac7965a98c

  • SHA512

    b5b21788d3534351c5416a8e933f814a9a8d1304042f77045da3d7a171eba500b8078b31e4e3b5a05a2dad3d7a6117945af1b873e9ff08903209ebaec9bdb516

  • SSDEEP

    12288:jAJimGA0vaJkps+2rmILafjEp1DiPDIn:mYA0va6pc3afjyiPD

Malware Config

Extracted

Family

vidar

Version

4.5

Botnet

3cfc9fefd81f869739a6003b27a51d67

C2

https://steamcommunity.com/profiles/76561199520592470

https://t.me/motafan

Attributes

  • profile_id_v2

    3cfc9fefd81f869739a6003b27a51d67

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1608-138-0x00000000010A0000-0x0000000001116000-memory.dmp
    .exe windows x86