vidar | b99fa29a917eb26f7dd60427f9d4e261e95e06354e570b0e7f7c759672b9ebe7 | Triage

Submit
Reports

Overview

overview

Static

static

3

data-Setup.7z

windows10-ltsc 2021-x64

Sharing

General

Target

data-Setup.7z
Size

116.3MB
Sample

250120-2jhfsssqev
MD5

3152ed0815d3eb095c6e9c8469d99b77
SHA1

addf193abcafc1d6099b787ae7be873c79b4f365
SHA256

b99fa29a917eb26f7dd60427f9d4e261e95e06354e570b0e7f7c759672b9ebe7
SHA512

b7eae4d1cd9c6c3edce37f2601e1f3528689d459c1780558a17ccaa770d189f6413f6b51105dac595d3afb9d95a28c24b7e5a7d0bdcdfd3cb1788fe672e918b4
SSDEEP

3145728:+bjzx3kP0uuE0SWwn8lkUXljGeHS4RG9MGbVOKHntLCJCIXrd:Yz9kP0ut0Pwno1jGeySG9JVgJCIXrd

Score

10^/10

vidar fc0stn discovery execution stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

data-Setup.7z

Resource

win10ltsc2021-20250113-en

vidar fc0stn discovery execution stealer upx

windows10-ltsc 2021-x64

21 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice

exe.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice

Extracted

Family

vidar

Botnet

fc0stn

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

- Target
  
  data-Setup.7z
- Size
  
  116.3MB
- MD5
  
  3152ed0815d3eb095c6e9c8469d99b77
- SHA1
  
  addf193abcafc1d6099b787ae7be873c79b4f365
- SHA256
  
  b99fa29a917eb26f7dd60427f9d4e261e95e06354e570b0e7f7c759672b9ebe7
- SHA512
  
  b7eae4d1cd9c6c3edce37f2601e1f3528689d459c1780558a17ccaa770d189f6413f6b51105dac595d3afb9d95a28c24b7e5a7d0bdcdfd3cb1788fe672e918b4
- SSDEEP
  
  3145728:+bjzx3kP0uuE0SWwn8lkUXljGeHS4RG9MGbVOKHntLCJCIXrd:Yz9kP0ut0Pwno1jGeySG9JVgJCIXrd
Score

10^/10

vidar fc0stn discovery execution stealer upx
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfc0stndiscoveryexecutionstealerupx

© 2018-2025

Terms | Privacy