General

  • Target: NA_NA_39ad0c2d088f35exeexe_JC.exe
  • Size: 341KB
  • MD5: 39ad0c2d088f3558c67a529a18de5d3f
  • SHA1: be82500d63e11357a4d77f7c328f2dcf1b08907b
  • SHA256: 26920ff63ad4b1ca8b5ecd751b7369098b2602c97030ebbead8de638f8ed703b
  • SHA512: 4da60761db5f8e4ec2645352e548847b3891e9f9fe097720419f5a39cb28cc134c332e8c45a173148022953e85cd5e7207c6c11f3bdd9d5834730256c5694d58
  • SSDEEP: 6144:Bua5z4XeLqMVc2Uc1ax/QfTyuAlHKdlJd0KHah6wu2AifkTvF:BV5z4XPMPA/QryvodlJd0KHTPbF

Malware Config

Extracted

  • Family: vidar
  • Version: 3.8
  • Botnet: 6fd1caaf182edadcf065a0326ec0a161
  • C2:
    https://steamcommunity.com/profiles/76561198272578552
    https://t.me/libpcre

Attributes

  • profile_id_v2: 6fd1caaf182edadcf065a0326ec0a161
  • user_agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

  • Vidar family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • NA_NA_39ad0c2d088f35exeexe_JC.exe (.exe, windows x86)
    4897e1eeaae4c1751d91ca9b21915d51