vidar | 2508-8-0x0000000000400000-0x0000000000645000-memory[.]dmp

General

Target

2508-8-0x0000000000400000-0x0000000000645000-memory.dmp
Size

2.3MB
MD5

8e19626f0fa3fce7520d7a762be22ce7
SHA1

a99afccb9a84dc26379662b267d59765bce4700f
SHA256

35db7a6855cc0c39bd487e6436d3b0013f54ab0e055a375fa0fdeda4af3a89ba
SHA512

4be0e28c39cc24222224329197a5531c1e4b9d3ce1a5e238175a6b2b69edd01ac3534206537460fe390ce0d06a8298a4750891592f2e877a1ce3ad6a1ac627cd
SSDEEP

3072:0z63TZcqNNrry1kYGpQ7EwaRA1kI7cEjL44fZiCR61K:0z6Vxvy1NGpQgoz7PL7xi

Score

10^/10

Family

vidar

Version

8

Botnet

08109f27e07d3765804411ff9d579338

C2

https://steamcommunity.com/profiles/76561199644883218

https://t.me/neoschats

Attributes

profile_id_v2
08109f27e07d3765804411ff9d579338
user_agent
Mozilla/5.0 (Linux; Android 11; M2102J20SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Mobile Safari/537.36 EdgA/97.0.1072.78

Detect Vidar Stealer 1 IoCs
stealer

Processes:

resource yara_rule

sample family_vidar_v7
Vidar family
vidar

resource	yara_rule
sample	family_vidar_v7

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2508-8-0x0000000000400000-0x0000000000645000-memory.dmp