General

  • Target

    1976-36-0x00000000003E0000-0x0000000000628000-memory.dmp

  • Size

    2.3MB

  • MD5

    b9856429b737066e51906aa46636bfb5

  • SHA1

    b457521bd863516e4f495c2d70654858b0ce7d87

  • SHA256

    2997dab0552468e98fddd88adca53b158e88bc08fcc9a74bf3e45097faa08e1a

  • SHA512

    eabd7d59699a523df6e362f5d9bf490c6e507da9a36be22085a11b6631870f2e74b77c78b57ed04ef8cf3bb327b2c558ced54a0bf9d0554aeb4fd4c4963895df

  • SSDEEP

    6144:n0yehOExAmtXalIUDVj8SeUFVlIlQu0RoS:nYxANlHJ7eISQu+oS

Malware Config

Extracted

  • Family

    vidar

  • Version

    10.6

  • Botnet

    af458cf23e4b27326a35871876cc63d9

  • C2

    https://steamcommunity.com/profiles/76561199747278259
    https://t.me/armad2a

Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1976-36-0x00000000003E0000-0x0000000000628000-memory.dmp
    .exe windows:5 windows x86 arch:x86
