General

  • Target

    2956-2-0x0000000000400000-0x0000000000465000-memory.dmp

  • Size

    404KB

  • MD5

    d088515c25eafe1344c92b7edb1d9915

  • SHA1

    d419aaa798156a8b27520853d3536ea62d93e54f

  • SHA256

    80d48e19eee3079602f81a7a2eb7a40cb8e89586890aad73ff8bcd4c94e6b7ba

  • SHA512

    e08f207d9dc2104af4347e7ee3185801b55aa062681782e87b07f37b36be2bca20660b26f0f4db918e374178075301cb8efb24a9c2838e2705bf64acb076b224

  • SSDEEP

    6144:umTK+XavNsTl/UUa5PI4AFuGIe/EH1/RgwLQ6hOYDj6:uYTZoh0EH1/RgwUF

Malware Config

Extracted

Family

vidar

Version

5.8

Botnet

c047bd4419c1fd13af26a7a801a3d6c2

C2

https://steamcommunity.com/profiles/76561199555780195

https://t.me/solonichat

Attributes

  • profile_id_v2

    c047bd4419c1fd13af26a7a801a3d6c2

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2956-2-0x0000000000400000-0x0000000000465000-memory.dmp
    .exe windows:5 windows x86

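The Target name, the 404KB size, the "windows x86" label under Files and the "Unsigned PE" signature are all derived from the PE header of the dumped region. The Python below is an added example written for this page, not the sandbox's own code. It splits the dump name into pid and address range (the `<pid>-<n>-<start>-<end>-memory.dmp` layout is assumed), parses the PE file and optional headers to identify the architecture, cross-checks the dumped range against ImageBase and SizeOfImage, and applies the "missing Authenticode signature" test by reading the Attribute Certificate Table entry (data directory index 4). The input is a constructed minimal header carrying the report's ImageBase and region size, not the real dump. Two caveats a practitioner should keep in mind: that directory entry is a file offset and the certificate table is never mapped into the process, so a memory dump can show whether the on-disk file had an embedded signature but cannot be used to verify one; and catalog-signed binaries also have an empty entry, so "Unsigned PE" is a hint rather than proof.

```python
import re
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # Attribute Certificate Table (Authenticode)

# Assumed dump-name layout: <pid>-<n>-<start>-<end>-memory.dmp (not documented on the page)
DUMP_NAME_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<n>\d+)-(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Split a sandbox dump name into pid, index and the dumped address range."""
    m = DUMP_NAME_RE.match(name)
    if not m:
        raise ValueError("unrecognised dump name: %r" % name)
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError("empty or inverted address range in %r" % name)
    return {"pid": int(m["pid"]), "index": int(m["n"]),
            "start": start, "end": end, "size": end - start}


def parse_pe(data):
    """Read the header fields the arch label and the 'Unsigned PE' check depend on."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    opt = e_lfanew + 24                   # optional header follows the 20-byte file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dirs = opt + 96                   # DataDirectory offset for PE32
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dirs = opt + 112                  # DataDirectory offset for PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    arch = {IMAGE_FILE_MACHINE_I386: "x86",
            IMAGE_FILE_MACHINE_AMD64: "x64"}.get(machine, "0x%04x" % machine)
    # The Security entry is a file offset, not an RVA, and the loader never maps the
    # certificate table: a memory dump only shows whether the on-disk file had one.
    return {"arch": arch, "sections": nsections, "image_base": image_base,
            "size_of_image": size_of_image,
            "has_authenticode": sec_off != 0 and sec_size != 0}


def analyse(dump_name, data):
    """Cross-check the dump name against the PE header and apply the unsigned check."""
    rng, pe = parse_dump_name(dump_name), parse_pe(data)
    return {
        "pid": rng["pid"], "arch": pe["arch"], "region_size_kb": rng["size"] // 1024,
        # A dump of a mapped image should span exactly SizeOfImage from ImageBase.
        "base_matches_image_base": rng["start"] == pe["image_base"],
        "region_matches_size_of_image": rng["size"] == pe["size_of_image"],
        # "Unsigned PE": no Attribute Certificate Table. Catalog-signed files have an
        # empty entry as well, so this is a hint, not proof.
        "unsigned_pe": not pe["has_authenticode"],
    }


def build_pe_image(machine=IMAGE_FILE_MACHINE_I386, image_base=0x400000,
                   size_of_image=0x65000, security=(0, 0)):
    """Constructed minimal PE header used as sample input here; not the real dump."""
    is64 = machine == IMAGE_FILE_MACHINE_AMD64
    dirs = 112 if is64 else 96
    opt = bytearray(dirs + 16 * 8)        # optional header with all 16 data directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if is64 else PE32_MAGIC)
    if is64:
        struct.pack_into("<Q", opt, 24, image_base)
    else:
        struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<I", opt, 60, 0x400)            # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, dirs - 4, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt), 0x0102)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)        # CODE | EXECUTE | READ
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + text


if __name__ == "__main__":
    print(analyse("2956-2-0x0000000000400000-0x0000000000465000-memory.dmp", build_pe_image()))
```

Run against the report's own dump name, the address range 0x400000..0x465000 gives 0x65000 bytes, which is the 404KB the report lists, and a header whose ImageBase and SizeOfImage match that range is what a clean dump of a mapped image looks like; a mismatch usually means the sandbox dumped a partial region or the process had remapped itself.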