General
-
Target
5040-394-0x0000000000400000-0x000000000046F000-memory.dmp
-
Size
444KB
-
MD5
980c30b0d48c4c6f8ae108ee055d371d
-
SHA1
45e44a3ae97b5917a7f77a7c8f1385dbb15dd301
-
SHA256
817336974f93ddddeab5bc784ba54c4d58b71eeeb29bdf2de16d808a37037875
-
SHA512
e3a238d56b98316da93b6bb61d923bc2dc22be723c03b4cbe70420e6bac0fb155055e1f5ebc7c54be38cc7c497da4c8ce4e010d930ace6784e8ed21070b78b68
-
SSDEEP
6144:O2+XqGAdyvA944aSL0g7SLjxhDOfeNROhykO6J5IUUbepA:O2+XqUvA92/gGLjzDqeNROhA6Tbp
Score
10/10
Malware Config
Extracted
Family
vidar
Version
5.2
Botnet
35aa2808fb90f9e9dac907e1be77f310
C2
https://t.me/odyssey_tg
https://steamcommunity.com/profiles/76561199541261200
Attributes
-
profile_id_v2
35aa2808fb90f9e9dac907e1be77f310
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.30 (KHTML, like Gecko) Chrome/115.0.1.0 Safari/537.30
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5040-394-0x0000000000400000-0x000000000046F000-memory.dmp
Headers
Sections