General
-
Target
4936-263-0x0000000000400000-0x000000000081A000-memory.dmp
-
Size
4.1MB
-
MD5
42777a5f88fa0841af62ef0c08fd62fc
-
SHA1
c53f075d8a2868c1d18f8276cefb8a79aed824a5
-
SHA256
0e4d0f9b81da0205e754f78e7f5e175038e8e8977b7d73b1738c564b2813d0a3
-
SHA512
456bcf10ed2cee568fb853ed1ad26f292234231f0f19b015eaaad788ac4793c2bf482e64d1ee2a829a98ccdfa0bf8812ae8ea86e0b83892a63c49e8f59747a4e
-
SSDEEP
6144:CDZmBlZ87p0vRhZ/u8AfjVO0M9qm9YfTjOYRLXhMN6gMpHbe4:CDZmBi0BA7g0Wqm9AjOYRLaFMpHq4
Score
10/10
Malware Config
Extracted
Family
vidar
Version
3.4
Botnet
e749025c61b2caca10aa829a9e1a65a1
C2
https://steamcommunity.com/profiles/76561199494593681
https://t.me/auftriebs
Attributes
-
profile_id_v2
e749025c61b2caca10aa829a9e1a65a1
-
user_agent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4936-263-0x0000000000400000-0x000000000081A000-memory.dmp
Headers
Sections