General

  • Target

    1308-136-0x0000000000400000-0x00000000034D9000-memory.dmp

  • Size

    48.8MB

  • MD5

    4c958f93f300fd75a764aa2a2030ed0a

  • SHA1

    86dfeb19598f1afec1c482ea323d89d411307f47

  • SHA256

    602776fcd3d97a9559155342fc05ffb1ef4a521c9b29a81145b5d9c2301a53df

  • SHA512

    1ee66d46ac4128c27d48af0a6db8c649995154c1bbbf1b27e3f780deba547fa8ab317a7002e3c47845d15b59be14595f92ba385d85443f7c9285c6b47070f5c6

  • SSDEEP

    6144:OBA0i2uim7rAPtf9w8zSRWBt9JPpr+hTFWzYpRh6pTD+g7u1xLPRhk:OG0iwj9w8zS4BPJPpr+tp7g0xLr

Malware Config

Extracted

  • Family

    vidar

  • Version

    4.3

  • Botnet

    0fbf69985aa0871e3eba3018a01a3c10

  • C2

    https://steamcommunity.com/profiles/76561199514261168

    https://t.me/kamaprimo

Attributes

  • profile_id_v2

    0fbf69985aa0871e3eba3018a01a3c10

  • user_agent

    Mozilla/5.0 (Linux; U; Tizen 2.0; en-us) AppleWebKit/537.1 (KHTML, like Gecko) Mobile TizenBrowser/2.0

Signatures

  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1308-136-0x0000000000400000-0x00000000034D9000-memory.dmp
    .exe windows:5 windows x86 arch:x86