Behavioral task
behavioral1
Sample
2956-2-0x0000000000400000-0x0000000000465000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2956-2-0x0000000000400000-0x0000000000465000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2956-2-0x0000000000400000-0x0000000000465000-memory.dmp
-
Size
404KB
-
MD5
d088515c25eafe1344c92b7edb1d9915
-
SHA1
d419aaa798156a8b27520853d3536ea62d93e54f
-
SHA256
80d48e19eee3079602f81a7a2eb7a40cb8e89586890aad73ff8bcd4c94e6b7ba
-
SHA512
e08f207d9dc2104af4347e7ee3185801b55aa062681782e87b07f37b36be2bca20660b26f0f4db918e374178075301cb8efb24a9c2838e2705bf64acb076b224
-
SSDEEP
6144:umTK+XavNsTl/UUa5PI4AFuGIe/EH1/RgwLQ6hOYDj6:uYTZoh0EH1/RgwUF
Malware Config
Extracted
vidar
5.8
c047bd4419c1fd13af26a7a801a3d6c2
https://steamcommunity.com/profiles/76561199555780195
https://t.me/solonichat
-
profile_id_v2
c047bd4419c1fd13af26a7a801a3d6c2
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2956-2-0x0000000000400000-0x0000000000465000-memory.dmp
Files
-
2956-2-0x0000000000400000-0x0000000000465000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 223KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ