vidar | e4b94bbbc90229ebdfc4a28028890d73fc085f460e9dac460bb4192417b4d7d3 | Triage

Resubmissions

20-01-2025 22:03

250120-1ye4js1pgl 10

20-01-2025 21:44

250120-1lsh4s1kbj 10

Sharing

General

Target

index.ps1.ps1
Size

34B
Sample

250120-1ye4js1pgl
MD5

d83c49ed6318ba5e402c311cd7e55c3f
SHA1

50520860840fab9b9aebf90b3e16f2466613d5d0
SHA256

e4b94bbbc90229ebdfc4a28028890d73fc085f460e9dac460bb4192417b4d7d3
SHA512

eb747e268fde9971416c156267a17a698e0a10209b48a75b2b77987fadc496b82e18e8441ccaac854feb37d828868e70469e45c4549db8587e01d171fc444e10

Score

10^/10

vidar fc0stn discovery execution stealer

Malware Config

Extracted

Family

vidar

Botnet

fc0stn

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

- Target
  
  index.ps1.ps1
- Size
  
  34B
- MD5
  
  d83c49ed6318ba5e402c311cd7e55c3f
- SHA1
  
  50520860840fab9b9aebf90b3e16f2466613d5d0
- SHA256
  
  e4b94bbbc90229ebdfc4a28028890d73fc085f460e9dac460bb4192417b4d7d3
- SHA512
  
  eb747e268fde9971416c156267a17a698e0a10209b48a75b2b77987fadc496b82e18e8441ccaac854feb37d828868e70469e45c4549db8587e01d171fc444e10
Score

10^/10

vidar fc0stn discovery execution stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfc0stndiscoveryexecutionstealer