vidar | 2648-79-0x0000000000400000-0x0000000000646000-memory[.]dmp

General

Target

2648-79-0x0000000000400000-0x0000000000646000-memory.dmp
Size

2.3MB
MD5

cdcb6b62abcf42fed96ae2c311287a82
SHA1

7163c2332a6c225de2e60ccac244e7e1e94a7a4d
SHA256

0f169fd0dbd387d5a1e7df15ea4d9e3ccc7ba23c6b9f2eb475a2329deef6a6f8
SHA512

ef80ba2c1b5ed57544c4be653402cb6941f5397a5737e178ad8e894c4850e7e707a43c7fd414bae2f4214d1bc1170cd63be2d45476b72d627421dd99d80b94f2
SSDEEP

3072:5f8nGHElvZZT+4qXcHvuefUbgtvfYtgJ+rjCBUvp/HTNN:58nFlvCxBX2XYKUjUARTNN

Score

10^/10

stealer abe3e54a3613d116838d60717005f335 vidar stealc

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

9.8

Botnet

abe3e54a3613d116838d60717005f335

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Stealc family
stealc
Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2648-79-0x0000000000400000-0x0000000000646000-memory.dmp

Files

2648-79-0x0000000000400000-0x0000000000646000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 2.1MB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 2.1MB

.reloc
Size: 20KB - Virtual size: 19KB