General
-
Target
1692-54-0x00000000004B0000-0x0000000000522000-memory.dmp
-
Size
456KB
-
MD5
9043514b546947fdb62209ffd3698ec5
-
SHA1
bce5a3e50b1a9cde808a601fd2f7a46e6f22b1a6
-
SHA256
238915abbc22294c1f91d82991e483f75b80b45de32c5173fc21c6276963f9c2
-
SHA512
a41509643e776a2ec4665bdba2a54c970f42799e4915e083464495fc9fad6bb617353c2503ef0e3737623f2653a8d58da8f410b3b6fb4d2ac0396a2a7ee54e23
-
SSDEEP
6144:pE5rmeyANprN69Mu4h23hvnYIvqXo7f8IUKP/8SwfhDV9FUVSNm:pE5rmdANp6MdsdnkXOPU8/8SuhDV9aj
Score
10/10
Malware Config
Extracted
Family
vidar
Version
2.4
Botnet
897
C2
https://t.me/gurutist
https://steamcommunity.com/profiles/76561199476091435
http://95.216.164.28:80
Attributes
-
profile_id
897
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1692-54-0x00000000004B0000-0x0000000000522000-memory.dmp
Headers
Sections