General
-
Target
3372-162-0x0000000000400000-0x000000000046B000-memory.dmp
-
Size
428KB
-
MD5
c6b389d7bcfbe34e4e4f874b620e11f6
-
SHA1
0f5ac5237f24ed5a36ae988321414acb89df3706
-
SHA256
f88f2dcde344a8f301831281dfeffa8498a50220144ce425aaf290c2534c3847
-
SHA512
99d1b6eef922899737dfb3cb782719e849ab1f88d29a8c0d0caa44f2f69ccce4f4efd1728b0e486bc348af5a228a45c91e4dfea8e4636272c8d787189c713571
-
SSDEEP
6144:Wua5z4XeLqMVc2Uc1ax/QfTyuAlHKdlJP0Kwah6wu2Ai0qvF:WV5z4XPMPA/QryvodlJP0KwTOF
Score
10/10
Malware Config
Extracted
Family
vidar
Version
3.8
Botnet
f0d0fa75b9c300db3c7327fb02dd22ae
C2
https://steamcommunity.com/profiles/76561198272578552
https://t.me/libpcre
Attributes
-
profile_id_v2
f0d0fa75b9c300db3c7327fb02dd22ae
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7
Signatures
-
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3372-162-0x0000000000400000-0x000000000046B000-memory.dmp
Headers
Sections