General

  • Target

    1680-16-0x0000000000400000-0x0000000000641000-memory.dmp

  • Size

    2.3MB

  • MD5

    c0f81317feaf56f8367e6386c62f0e89

  • SHA1

    62677a9542bfb806ef51de59cff40735e3094fd5

  • SHA256

    0df710a4a9f018a305df9ccfc3cc38352acac0a41329ceeb31fc0fa953d45677

  • SHA512

    9675a776892b5276a0d14ee6a3baa279a505b58d3aada99c69f4f98f49ef9c95860e2024d3034948ac39a8c11a87ea5b0bee1cefb1f6290a2e7096abf289c0c6

  • SSDEEP

    3072:+H/CDIzhlkZG+jZGZGfnzqa6rZy2zJHI4LWtwZ/fpcgeWredsagzE/EJu6o9:5IobjA8fzqa6F7HI4LWtwJCg3FFu6o9

Malware Config

Extracted

  • Family

    vidar

  • Version

    10.8

  • Botnet

    8ec2fb52c719c35db88f75f8b89b4392

  • C2

    http://147.45.68.138:80
    https://steamcommunity.com/profiles/76561199761128941
    https://t.me/iyigunl

  • Attributes

    user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1680-16-0x0000000000400000-0x0000000000641000-memory.dmp
    .exe windows:5 windows x86 arch:x86
