General

  • Target

    2536-9-0x0000000000400000-0x0000000000644000-memory.dmp

  • Size

    2.3MB

  • MD5

    e9db60687916455193190d4ca2a9335c

  • SHA1

    78e6a44a10bc2a33c1cd38650ad08d30abaea4fe

  • SHA256

    7bb1809cc36632be5157f1650926d5e6dd85ef373754e765b45b97da57b67ef2

  • SHA512

    af227f8e2b997120dda6ce351b5df02504db902612585912cd62f52df240097ba47fba8acfb7ac02f847af0c26aa93176bc1d8996a8df557fc25d549e10f4841

  • SSDEEP

    3072:PTflPf+8sptha5JuxyBhWZq9phbGN7Rqv2lf:P5P2dzOJuxYQe4xYvC

Malware Config

Extracted

  • Family

    vidar

  • Version

    8.4

  • Botnet

    aa2e2e94c456b90a61eb47ba9d0c2074

  • C2

    https://steamcommunity.com/profiles/76561199654112719
    https://t.me/r2d0s

Attributes
  • profile_id_v2

    aa2e2e94c456b90a61eb47ba9d0c2074

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2536-9-0x0000000000400000-0x0000000000644000-memory.dmp
    .exe windows:5 windows x86 arch:x86