vidar | 212-0-0x0000000000400000-0x0000000000429000-memory[.]dmp

General

Target

212-0-0x0000000000400000-0x0000000000429000-memory.dmp
Size

164KB
MD5

444553031db8781ea574530c23b80d87
SHA1

bfcc0cd902ee7d844c9c6feafe732bdde2b0ed4b
SHA256

3b6e6dd6f6f60ee84cac63e5bb842f23fe982bf0bf6ffed7b39fc44101ec196f
SHA512

564c07337bf63a23a5aad15f22e9917aeb076e21be85973651598ff4ac79ff43ed6273b3a4845bb4807ca6b72783d83a0ec1027c9632d03b519002ec182f4037
SSDEEP

3072:aVvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8Q6Gu:KH8RuRLlzgUd6a/Asl6Gu

Score

10^/10

stealer c466785b3a34d7b3c4d6db04a068b664 vidar

Malware Config

Extracted

Family

vidar

Version

13.5

Botnet

c466785b3a34d7b3c4d6db04a068b664

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
212-0-0x0000000000400000-0x0000000000429000-memory.dmp

Files

212-0-0x0000000000400000-0x0000000000429000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 6KB - Virtual size: 8KB

.00cfg Size: 512B - Virtual size: 8B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 6KB - Virtual size: 8KB

.00cfg
Size: 512B - Virtual size: 8B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 4KB - Virtual size: 3KB