Overview

overview

10

Static

static

3

2025-01-21...ch.exe

windows7-x64

10

2025-01-21...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-21_84f475322583d100b54b10b06ba85fe1_frostygoop_poet-rat_snatch

  • Size

    5.9MB

  • Sample

    250121-rrwchsylhq

  • MD5

    84f475322583d100b54b10b06ba85fe1

  • SHA1

    1c2256390adbb01d9c6237dd86bd59feebade65a

  • SHA256

    c904bc128478ddeb180655f7bf75014a9af5daa6d157e610b2565764a8503caa

  • SHA512

    d39949f9cbcc4900b9084f097b3351bfe7c656c6b723b1c85312349d5c724259d80fe1b20d62f2388cd36496041003439bef8c5fcc8326a467535cc03c648962

  • SSDEEP

    49152:eoNrBMzhZyXLhpVWGaTkuu6LS95HKyUJTjFwQgLlON2WwwOFnvVJiX76emx4La9U:ecMt4X3VWGe1SiJog2WWsSE

Score
10/10
vidarfc0stndiscoverystealer

Malware Config

Extracted

Family

vidar

Botnet

fc0stn

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

    • Target

      2025-01-21_84f475322583d100b54b10b06ba85fe1_frostygoop_poet-rat_snatch

    • Size

      5.9MB

    • MD5

      84f475322583d100b54b10b06ba85fe1

    • SHA1

      1c2256390adbb01d9c6237dd86bd59feebade65a

    • SHA256

      c904bc128478ddeb180655f7bf75014a9af5daa6d157e610b2565764a8503caa

    • SHA512

      d39949f9cbcc4900b9084f097b3351bfe7c656c6b723b1c85312349d5c724259d80fe1b20d62f2388cd36496041003439bef8c5fcc8326a467535cc03c648962

    • SSDEEP

      49152:eoNrBMzhZyXLhpVWGaTkuu6LS95HKyUJTjFwQgLlON2WwwOFnvVJiX76emx4La9U:ecMt4X3VWGe1SiJog2WWsSE

    Score
    10/10
    vidarfc0stndiscoverystealer

    • Detect Vidar Stealer

      stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks