General
-
Target
https://gist.github.com/virraniakumf4/3ab4832ce43aac70f1ff55d99431c90c
-
Sample
241116-w9hllavrbj
Score
10/10
Malware Config
Extracted
Family
vidar
Version
11.8
Botnet
68fa61169d8a1f0521b8a06aa1f33efb
C2
https://t.me/fu4chmo
https://steamcommunity.com/profiles/76561199802540894
Attributes
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Targets
-
-
Target
https://gist.github.com/virraniakumf4/3ab4832ce43aac70f1ff55d99431c90c
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-