vidar | 2192-0-0x0000000000980000-0x0000000001047000-memory[.]dmp

General

Target

2192-0-0x0000000000980000-0x0000000001047000-memory.dmp
Size

6.8MB
MD5

63cccf569a7cb71ab083fbfd40fb5577
SHA1

c0f776d5659604833facb8b1f876fc517589bbd2
SHA256

b98d5c238c4241f2e893fa6d91dee27d830fe271cef415f55d536db8ea9829f4
SHA512

5d382a021291108ec80331d5c2d8056dc393936ba4442284f1e7a6160700552c8929751d3de448234c75531e2d9090b0f0d79fcb90127670194c264ef75d7c71
SSDEEP

98304:nCz11w2qfGxwpp1PMh92D2m8lOLzubifTq:m1wGW1PMhHm8YLJT

Score

10^/10

stealer 6d71b3eaa9eb039ff9101688321d6008 vidar stealc

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

10

Botnet

6d71b3eaa9eb039ff9101688321d6008

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Stealc family
stealc
Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2192-0-0x0000000000980000-0x0000000001047000-memory.dmp

Files

2192-0-0x0000000000980000-0x0000000001047000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpn��
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpn��
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpn��
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 135KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 2.1MB

.vmpn�� Size: - Virtual size: 1.0MB

.vmpn�� Size: 1024B - Virtual size: 808B

.vmpn�� Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1.1MB

.text
Size: - Virtual size: 135KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 2.1MB

.vmpn��
Size: - Virtual size: 1.0MB

.vmpn��
Size: 1024B - Virtual size: 808B

.vmpn��
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1.1MB