General
-
Target
5056-249-0x0000000000400000-0x0000000000461000-memory.dmp
-
Size
388KB
-
MD5
f37e151fd70d1abdc272d45f16fef8b6
-
SHA1
1df49d8b88fbf8c846c8a3d2a11c42d17b57f56c
-
SHA256
49114d379b73fcb21a46046a87fce5951d08e9ab072af35aa825ee13b1416564
-
SHA512
9d0818d197fdc624748b28e1ca394369df23e6c07b47565f4aa3c48dc3c3322de4be39d89cb8d9d6ed878586fb2eafab7ee0269ed6e09c347768d6e15ac2a5e0
-
SSDEEP
6144:mAp4p89LFwaC7aTkp51fk00ke4H0Ih2Ukbn:mhpkNU5kDke4Hjq
Score
10/10
Malware Config
Extracted
Family
vidar
Version
1.9
Botnet
19
C2
https://t.me/travelticketshop
https://steamcommunity.com/profiles/76561199469016299
http://65.109.190.87:80
Attributes
-
profile_id
19
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5056-249-0x0000000000400000-0x0000000000461000-memory.dmp
Headers
Sections