General

  • Target

    2540-68-0x0000000000400000-0x0000000000648000-memory.dmp

    Process memory dump of the image mapped at 0x400000-0x648000 (0x248000 = 2,392,064 bytes, matching the 2.3MB size below). Everything in this report was evaluated against the unpacked payload as it sat in memory, not necessarily against the file that was originally executed.

  • Size

    2.3MB

  • MD5

    a4cb9ce4c56d15e03c8d17f14cf0d8f7

  • SHA1

    7424383944cc3c5cc1330e7d854cdbae8c32f706

  • SHA256

    4ca484feb75253efa4d0ef8eb81f48f71ed73b97ab275d0843dacb110061e054

  • SHA512

    16d20b7ee8cfa260aa431da0910f2149f61a78144621bc62ee2b88e5b36975fb39386fdfd0ad56370e3a85633ad03ebd33a04d2feaf4cd4e530f1e630b20a875

  • SSDEEP

    3072:B6g3bwNMJgdJ11Em1JVa0x7+0NVmiHoM8fmNfU0PXMTZ4uYCowZEjy:Ug3bgMJGfDaa7z9/8CzXkZlZEjy

Score
10/10

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Both entries are dead-drop resolvers rather than the C2 server itself: Vidar fetches these public profile pages and parses the current C2 address out of the profile text, so the operator can rotate infrastructure without touching the binary. Blocking or watching these two URLs is useful, but the address they resolve to is the actual network IoC.

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
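How the two resolver URLs above turn into a live C2, as an added example that is not part of the sandbox report and not code from the malware. It fetches nothing: the Steam and Telegram pages are constructed inline, the CSS class names it keys on (`actual_persona_name`, `tgme_page_description`) are an assumption about the public page layout, and the addresses it yields are RFC 5737 documentation addresses, not IoCs from this sample.

```python
"""Resolve a Vidar-style dead-drop to the real C2 address (added example)."""
import re
from html.parser import HTMLParser
from typing import Callable, Dict, Iterable, Optional

# Constructed stand-ins for the two resolver pages listed in the report.
STEAM_PAGE = (
    '<html><body><div class="profile_header">'
    '<span class="actual_persona_name">https://203.0.113.10/</span>'
    "</div></body></html>"
)
TELEGRAM_PAGE = (
    '<html><body><div class="tgme_page_title"><span dir="auto">memve4erin</span></div>'
    '<div class="tgme_page_description">ATTN: check tokens http://198.51.100.7:80/</div>'
    "</body></html>"
)

URL_RE = re.compile(r"https?://[\w.\-]+(?::\d{1,5})?(?:/[^\s\"'<>]*)?")


class _ClassText(HTMLParser):
    """Collect the text inside the first element whose class list contains `wanted`."""

    def __init__(self, wanted: str) -> None:
        super().__init__()
        self.wanted = wanted
        self.depth = 0          # nesting depth inside the matched element
        self.found = False
        self.text = ""

    def handle_starttag(self, tag, attrs):
        if self.found and self.depth == 0:
            return              # already captured one complete element
        if self.depth:
            self.depth += 1
            return
        for name, value in attrs:
            if name == "class" and value and self.wanted in value.split():
                self.depth, self.found = 1, True
                return

    def handle_endtag(self, tag):
        if self.depth:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.text += data


def text_of_class(html: str, cls: str) -> Optional[str]:
    p = _ClassText(cls)
    p.feed(html)
    p.close()
    return p.text.strip() if p.found else None


def extract_c2(resolver_url: str, html: str) -> Optional[str]:
    """Pick the profile field for this resolver type and pull the first URL out of it."""
    if "steamcommunity.com/profiles/" in resolver_url:
        blob = text_of_class(html, "actual_persona_name")    # profile display name (assumed)
    elif "t.me/" in resolver_url:
        blob = text_of_class(html, "tgme_page_description")  # channel description (assumed)
    else:
        return None
    if not blob:
        return None
    m = URL_RE.search(blob)
    return m.group(0) if m else None


def resolve_first(resolvers: Iterable[str], fetch: Callable[[str], str]) -> Optional[str]:
    """Walk the resolver list in config order; the first page that yields a C2 wins."""
    for url in resolvers:
        try:
            c2 = extract_c2(url, fetch(url))
        except Exception:       # resolver down or taken down: fall through to the next one
            continue
        if c2:
            return c2
    return None


# Offline "fetcher" keyed on the two resolver URLs from the report.
FAKE_PAGES: Dict[str, str] = {
    "https://t.me/memve4erin": TELEGRAM_PAGE,
    "https://steamcommunity.com/profiles/76561199699680841": STEAM_PAGE,
}

if __name__ == "__main__":
    print(resolve_first(list(FAKE_PAGES), FAKE_PAGES.__getitem__))
```

For a real case, swap `FAKE_PAGES.__getitem__` for an HTTP fetch that sends the `user_agent` from the config, and keep the extracted address, not the profile URL, as the indicator you pivot on.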

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Stealc family
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for a missing Authenticode signature, i.e. an empty Security data directory (entry 4) in the PE headers. The headers survive in a memory dump, so this does tell you the dumped image was never signed; it does not mean a signature failed to verify, and the certificate table itself lives in the file overlay and would not be present in a memory image either way.
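The check the "Unsigned PE" signature describes, as an added example that is not the sandbox's own signature logic: read the Security data directory out of the optional header and treat an all-zero entry as unsigned. The minimal MZ/PE headers it builds are constructed test data, not bytes from the dumped sample; the sample here is x86, so the PE32 offsets apply, but the PE32+ layout is handled too.

```python
"""Authenticode presence check via IMAGE_DIRECTORY_ENTRY_SECURITY (added example)."""
import struct
from typing import Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(pe: bytes) -> Tuple[int, int]:
    """Return (file_offset, size) of the certificate table; (0, 0) means no signature."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    size_of_opt = struct.unpack_from("<H", pe, file_hdr + 16)[0]
    opt = file_hdr + 20                       # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        n_dirs_off, dirs_off = 92, 96         # PE32: NumberOfRvaAndSizes, then DataDirectory
    elif magic == PE32PLUS_MAGIC:
        n_dirs_off, dirs_off = 108, 112       # PE32+: ImageBase/stack/heap fields are 8 bytes
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    n_dirs = struct.unpack_from("<I", pe, opt + n_dirs_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or dirs_off + 8 * n_dirs > size_of_opt:
        return (0, 0)                         # directory table too short to hold entry 4
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    off, size = struct.unpack_from("<II", pe, entry)
    return (off, size)


def is_authenticode_signed(pe: bytes) -> bool:
    """True when the header claims a certificate table; verification needs the on-disk file."""
    off, size = security_directory(pe)
    return off != 0 and size != 0


def build_header(sec_off: int, sec_size: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal MZ/PE header carrying the given Security entry (test data only)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: NT headers follow the DOS header
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    n_dirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, n_dirs_off, 16)
    struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sec_off, sec_size)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("unsigned x86", build_header(0, 0)),
                        ("signed x86", build_header(0x24000, 0x1800)),
                        ("signed x64", build_header(0x30000, 0x2000, pe32plus=True))):
        print(label, is_authenticode_signed(blob))
```

Run it against the memory dump itself (it starts with the MZ header at 0x400000) to reproduce the finding; to actually verify a signature you need the original file, because the certificate table sits in the overlay and is never mapped.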

Files

  • 2540-68-0x0000000000400000-0x0000000000648000-memory.dmp
    .exe windows:5 windows x86 arch:x86
