vidar | a7183db2fdb7b8exeexeexeex[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7183db2fdb7b8exeexeexeex.exe
Size

2.5MB
MD5

a7183db2fdb7b8b4a5a67cb41d3691d4
SHA1

395b491ea6304bbb3c9b4155b31f4a4898eab3e9
SHA256

42f8d9e9fa3ddd60e23dd8634b912d0f6a524f1f10544eb3e0cad63757e36645
SHA512

a3d76f4b8359a3b70a23da7260cc70f909e2d344cc3d66aa81bb6ee359db628e4fe02fb687f66f184e3c9051ee3d040f30297b7e5dc06e04bdd64a508811cd43
SSDEEP

49152:caAEolGKmQ9JRiqDrteuiUdNg4qCbMsO7Mf2XP8kGj+4sheSEN2Y9NnBAP7:x6GKmQvnVnVqCbMsO7Mf2Va+dUNtBO

Score

10^/10

05eec6add8cb72279e35b2b7391d1391 vidar

Malware Config

Extracted

Family

vidar

Version

4.3

Botnet

05eec6add8cb72279e35b2b7391d1391

C2

https://steamcommunity.com/profiles/76561199514261168

https://t.me/kamaprimo

Attributes

profile_id_v2
05eec6add8cb72279e35b2b7391d1391
user_agent
Mozilla/5.0 (Linux; U; Tizen 2.0; en-us) AppleWebKit/537.1 (KHTML, like Gecko) Mobile TizenBrowser/2.0

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7183db2fdb7b8exeexeexeex.exe

Files

a7183db2fdb7b8exeexeexeex.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 340KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE