Behavioral task
behavioral1
Sample
1284-3-0x0000000000400000-0x0000000002D3B000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1284-3-0x0000000000400000-0x0000000002D3B000-memory.exe
Resource
win10v2004-20240221-en
General
-
Target
1284-3-0x0000000000400000-0x0000000002D3B000-memory.dmp
-
Size
41.2MB
-
MD5
c9b849c37e021e626b2831bc103e5e19
-
SHA1
0a125fb74943350b4a7e02de6ed0cdb9146f8b50
-
SHA256
8b716c83b981d6e6cbbcc5957cbe4677cfdc7747a57e6d055c6ede1328e9b072
-
SHA512
d1358c237b9f69d9384a8f878ee0273c9c15466d51ca7cf7bc434434b44448027fa9ec079c257816d6ebe0ae72eb37bbb409c50ae4a6ed2aaa37427647fc16ae
-
SSDEEP
3072:HPz4Bf0k47qmMxVs1NH89AkOaBiEWBo1nXe2XnoLGWFewOWumgUWZ3:HEx0V7gx2bH89F4ED1Xe5xjumgl
Malware Config
Extracted
vidar
7.9
c5f794e270b6d4f6ecc574f1d15043f0
https://t.me/hypergog
https://steamcommunity.com/profiles/76561199642171824
-
profile_id_v2
c5f794e270b6d4f6ecc574f1d15043f0
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Signatures
Files
-
1284-3-0x0000000000400000-0x0000000002D3B000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ