General
-
Target
1588-56-0x0000000000400000-0x0000000000802000-memory.dmp
-
Size
4.0MB
-
MD5
4ef092db20deba176cdd79206d2e727a
-
SHA1
85a67975bf3e7ba4e4c46ee5d014238f989f9674
-
SHA256
182fe92b52e2281d10dac842dc131e02a8be1d51cdbab6b7ef62061e8d0a30e0
-
SHA512
101edebaaa9d38da7f51e56cdff711d01b6116e4a629b9753751dc04fd6189f9ca05de2401f5e670a488702675e3dfccf391d6627f8ca0b0c35358a269b34f43
-
SSDEEP
6144:EbbD2RXh9KD7EvVkr0evEcZ7/CUqjfgQlVumraVRXL0chXfoqUcWxqOO:EbuRX6D7ENiKUqDgYumrSRXL07NxNO
Score
10/10
Malware Config
Extracted
Family
vidar
Version
3.6
Botnet
78489afd9d9a4747beb445e5fb5b9c96
C2
https://steamcommunity.com/profiles/76561199499188534
https://t.me/nutalse
Attributes
-
profile_id_v2
78489afd9d9a4747beb445e5fb5b9c96
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1588-56-0x0000000000400000-0x0000000000802000-memory.dmp
Headers
Sections