Behavioral task
behavioral1
Sample
1616-644-0x0000000000400000-0x0000000000465000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1616-644-0x0000000000400000-0x0000000000465000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
1616-644-0x0000000000400000-0x0000000000465000-memory.dmp
-
Size
404KB
-
MD5
042b35fd6692105da13594fe4eb06ea7
-
SHA1
13fac88c08693abd59b0477eae788b829e0918b1
-
SHA256
c577305231f1f6e83e629f32288a7044eb6a8d6742be8bde8f96827997789b3f
-
SHA512
8c4e2f7d6884bc9275650a3d17de68988fba65826988b69ed445020b4d7fd4ee189eaa953da9ef8832a43b32131fcba5889611d1222e199c94f7b1cd65c396bc
-
SSDEEP
6144:JLhLW8KrV1R/2XJtCTHI41wuBdqv2UxguUIseSq7bmhtGdr:5horV1p2XQZMv2UxguUIsG7bx
Malware Config
Extracted
vidar
5.6
7b01483643983171e949f923c5bc80e7
https://steamcommunity.com/profiles/76561199550790047
https://t.me/bonoboaz
-
profile_id_v2
7b01483643983171e949f923c5bc80e7
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/103.0.0.0
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1616-644-0x0000000000400000-0x0000000000465000-memory.dmp
Files
-
1616-644-0x0000000000400000-0x0000000000465000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 223KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ