General
-
Target
588-279-0x0000000000400000-0x000000000048C000-memory.dmp
-
Size
560KB
-
MD5
6fa5e7e2a9abafb6d83baaea2548f4d7
-
SHA1
5fef1e210b759ef97118b30f47f3924a889edd34
-
SHA256
ec870594ee0a98ba6413b262a6cd1d8c3addcfd79cadb6ce119e6725b0b24fb9
-
SHA512
43d397e5332dad2d51b1739b32b992c606cfecf3c1a5f57898366d23be3d5b2da54dd0023fbbe8c0d4f4918c803bf5b7e1d4e7eaa704a671affb208159ef2192
-
SSDEEP
12288:yl2/13vxcqRQG6KPwy44mYQ6/0hYYsKOzu:ZxcqRQGvPD4jYQbYYTOz
Score
10/10
Malware Config
Extracted
Family
vidar
Version
5.1
Botnet
d2840cabd9794f85353e1fae1cd95a0b
C2
https://t.me/tatlimark
https://steamcommunity.com/profiles/76561199536605936
Attributes
-
profile_id_v2
d2840cabd9794f85353e1fae1cd95a0b
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
588-279-0x0000000000400000-0x000000000048C000-memory.dmp
Headers
Sections