General

  • Target

    2628-81-0x0000000000400000-0x0000000000645000-memory.dmp

  • Size

    2.3MB

  • MD5

    e1ba135a40dc298f731e7e075a9cf368

  • SHA1

    882accc35a6806edd6d53fc227f3d84ea98b802a

  • SHA256

    2573ceb807f2f77ba536be3e8455c73c98780e36237c5edf388aad191447dff0

  • SHA512

    d5c8e2f355b46dd92bfe357babcbe2d017aea3a716386505a1d8a81a74d11e8f6b3cd12cc77eac7b2c7576bd5bd5a98d293348d245662a8aaaf928df37e7d682

  • SSDEEP

    3072:R63hxcqVdhCibMYbRUzEPq5tT5wrkfpTYjXTtY2e0ufZTX1f:R6DRHXbVbRUYA6rsTQDtYFdXd

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.1

  • Botnet

    e2da5861d01d391b927839bbec00e666

  • C2

    https://steamcommunity.com/profiles/76561199649267298
    https://t.me/uprizin

Attributes

  • profile_id_v2

    e2da5861d01d391b927839bbec00e666

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 OPR/96.0.0.0

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2628-81-0x0000000000400000-0x0000000000645000-memory.dmp
    .exe windows:5 windows x86 arch:x86