vidar | 58ade81f8abeefd49c3e1d77bf7284e2ccb15e5e56622c39a5a5e98eafd61eb0 | Triage

Sharing

General

Target

58ade81f8abeefd49c3e1d77bf7284e2ccb15e5e56622c39a5a5e98eafd61eb0
Size

500KB
Sample

250121-cwhvna1pej
MD5

29d08dc04094d437a685e46db50d80a4
SHA1

6cf1d4d30fb7ddfeb97b2e5167b8f5ec69bf9b3e
SHA256

58ade81f8abeefd49c3e1d77bf7284e2ccb15e5e56622c39a5a5e98eafd61eb0
SHA512

84ddfac2abf6e546d8e7e4757262f200c528c2051a7cc92bb7a6c83adafdd0ec5e011813329745ba5589475fbecf7ae3825bf359264390978508c1c6f5ce145c
SSDEEP

12288:zA0WoeZUvaamvY7kmA7YJCMKKvTKbkL+Kawd:00XVpmQntvKKvgxBW

Score

10^/10

vidar fc0stn discovery stealer

Malware Config

Extracted

Family

vidar

Botnet

fc0stn

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

- Target
  
  58ade81f8abeefd49c3e1d77bf7284e2ccb15e5e56622c39a5a5e98eafd61eb0
- Size
  
  500KB
- MD5
  
  29d08dc04094d437a685e46db50d80a4
- SHA1
  
  6cf1d4d30fb7ddfeb97b2e5167b8f5ec69bf9b3e
- SHA256
  
  58ade81f8abeefd49c3e1d77bf7284e2ccb15e5e56622c39a5a5e98eafd61eb0
- SHA512
  
  84ddfac2abf6e546d8e7e4757262f200c528c2051a7cc92bb7a6c83adafdd0ec5e011813329745ba5589475fbecf7ae3825bf359264390978508c1c6f5ce145c
- SSDEEP
  
  12288:zA0WoeZUvaamvY7kmA7YJCMKKvTKbkL+Kawd:00XVpmQntvKKvgxBW
Score

10^/10

vidar fc0stn discovery stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfc0stndiscoverystealer

behavioral2

vidarfc0stndiscoverystealer