vidar | 2972-0-0x00000000008D0000-0x0000000000F93000-memory[.]dmp

General

Target

2972-0-0x00000000008D0000-0x0000000000F93000-memory.dmp
Size

6.8MB
MD5

f681a3c698bbe7fdb3873a612f171dc3
SHA1

8a22d7fb3fd279c77ad1be6c2af710576e47ad70
SHA256

185f0577e2a81259e15dde7d9bf43f10429bab766278caa29cf86c58f111a19f
SHA512

b8f3d3c085316939d3376f36b7519c37a5fc49a963aae14fa399cd5e8f786496f81a35979b233f0bad59a78a6f0734435a013ec909d0bea6ac054baa6e72c193
SSDEEP

49152:YtCfdAJJwW4jYWVW/8XDJgZjcgH2YJkYxPj0n4XuRx0dLDp9+Wlbz1jiAkBAbdUT:YtsAT/8zOcyrtXu70JnZxji/BAbdS

Score

10^/10

stealer 32496ae0032d8cf6a9ae8bcc38eb2fd8 vidar stealc

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

10

Botnet

32496ae0032d8cf6a9ae8bcc38eb2fd8

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Stealc family
stealc
Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2972-0-0x00000000008D0000-0x0000000000F93000-memory.dmp

Files

2972-0-0x00000000008D0000-0x0000000000F93000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpn��
Size: - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpn��
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpn��
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 135KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 2.1MB

.vmpn�� Size: - Virtual size: 1022KB

.vmpn�� Size: 1024B - Virtual size: 808B

.vmpn�� Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1.1MB

.text
Size: - Virtual size: 135KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 2.1MB

.vmpn��
Size: - Virtual size: 1022KB

.vmpn��
Size: 1024B - Virtual size: 808B

.vmpn��
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1.1MB