vidar | 624-116-0x0000000001180000-0x0000000001725000-memory[.]dmp | Triage

Sharing

General

Target

624-116-0x0000000001180000-0x0000000001725000-memory.dmp
Size

5.6MB
MD5

494b65a8e14650cf79fb56c95d517b88
SHA1

0881aacff85a368c9bd744a99225615df8d88a95
SHA256

2d6de52c2d409ae51954c32bb0b5047963be89f54a45937aa4f01dae97c18943
SHA512

8c037eaf2f369f43a3b8bdff323b68f62506561614f1c20ec8c1e7715d6e5ccbe79ff1a2e3a7b8d9ec3e8b81f90139dcc4cb90811ab1d1ba5360088de307bb0b
SSDEEP

49152:l1gAEzhvvykh5g/A0T7IH5tw+SXdea0G8NFKYA5P:l1gAWXyk04aIfw+SQzNFKdP

Score

10^/10

stealer 6c0faa9cbe0f1e72b99db130f3477024 vidar

Malware Config

Extracted

Family

vidar

Version

7.5

Botnet

6c0faa9cbe0f1e72b99db130f3477024

C2

https://t.me/bogotatg

https://steamcommunity.com/profiles/76561199621829149

Attributes

profile_id_v2
6c0faa9cbe0f1e72b99db130f3477024
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 11_3) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
624-116-0x0000000001180000-0x0000000001725000-memory.dmp

Files

624-116-0x0000000001180000-0x0000000001725000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE