vidar | 2328-3-0x0000000000290000-0x000000000104C000-memory[.]dmp

General

Target

2328-3-0x0000000000290000-0x000000000104C000-memory.dmp
Size

13.7MB
MD5

cc2472ad47a6d1e47e287359eb85ac19
SHA1

db2d0d1c53c5b19aa6eea70d7854ae09bb5ce105
SHA256

dd1328beaf259b64ae7d4a2c18c9d2561d732b8a9015e0967cdc38c651d32889
SHA512

1b06cfe37071ed283fa08bab08c281ed3f88fc238cc00219c4cbee13ad01758571b56423348b92163c2189aa7cfed4a06e4d44d08fbd4bfba3063e727d326d6a
SSDEEP

196608:8R7Voq+Te2yIhxT/h8PDG3qHYaQaA+pSeZVijoH9egJfjFumVjbRZ8W:8hVV+oIhi8KYJ0x9HjbRZ8W

Score

10^/10

stealer b04533ad3d11c9398985823d3ccaaa49 vidar

Malware Config

Extracted

Family

vidar

Version

7.9

Botnet

b04533ad3d11c9398985823d3ccaaa49

C2

https://t.me/hypergog

https://steamcommunity.com/profiles/76561199642171824

Attributes

profile_id_v2
b04533ad3d11c9398985823d3ccaaa49
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2328-3-0x0000000000290000-0x000000000104C000-memory.dmp

Files

2328-3-0x0000000000290000-0x000000000104C000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<›…
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.<›…
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¬®
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¬®
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¬®
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 121KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 2.1MB

.<›… Size: - Virtual size: 1.5MB

.<›… Size: - Virtual size: 1.9MB

.vmp¬® Size: - Virtual size: 1.5MB

.vmp¬® Size: 1024B - Virtual size: 960B

.vmp¬® Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 967KB - Virtual size: 967KB

.text
Size: - Virtual size: 121KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 2.1MB

.<›…
Size: - Virtual size: 1.5MB

.<›…
Size: - Virtual size: 1.9MB

.vmp¬®
Size: - Virtual size: 1.5MB

.vmp¬®
Size: 1024B - Virtual size: 960B

.vmp¬®
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 967KB - Virtual size: 967KB