General

  • Target

    1284-3-0x0000000000400000-0x0000000002D3B000-memory.dmp

  • Size

    41.2MB

  • MD5

    c9b849c37e021e626b2831bc103e5e19

  • SHA1

    0a125fb74943350b4a7e02de6ed0cdb9146f8b50

  • SHA256

    8b716c83b981d6e6cbbcc5957cbe4677cfdc7747a57e6d055c6ede1328e9b072

  • SHA512

    d1358c237b9f69d9384a8f878ee0273c9c15466d51ca7cf7bc434434b44448027fa9ec079c257816d6ebe0ae72eb37bbb409c50ae4a6ed2aaa37427647fc16ae

  • SSDEEP

    3072:HPz4Bf0k47qmMxVs1NH89AkOaBiEWBo1nXe2XnoLGWFewOWumgUWZ3:HEx0V7gx2bH89F4ED1Xe5xjumgl

Malware Config

Extracted

  • Family

    vidar

  • Version

    7.9

  • Botnet

    c5f794e270b6d4f6ecc574f1d15043f0

  • C2

    https://t.me/hypergog
    https://steamcommunity.com/profiles/76561199642171824

Attributes

  • profile_id_v2

    c5f794e270b6d4f6ecc574f1d15043f0

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1284-3-0x0000000000400000-0x0000000002D3B000-memory.dmp
    .exe windows:5 windows x86 arch:x86