vidar

Sharing

Copy URL

Twitter E-mail

General

Target

IPTVPlayerTOP+AtlasVPN.rar
Size

15KB
Sample

250122-bb5m9azrem
MD5

68f863696b16de41cbf5f0e7ec14968d
SHA1

bfcaa52f41706d149f3ff65bccbe981eb639fbe7
SHA256

3e6a57b6588c5f28123ac53555fb31aa7cd1952762ce0ec0723265cda6cc7ebd
SHA512

2a08d8249414b60aa1952ed3f6e211792e531e629fa3cd363865118426cf80f8f55b3bc0f3942992445312abfdcfde8cca3c55b23aa25bf25bb2d10c02448b05
SSDEEP

384:qyfLeT1nNHinOqm9R3iUemIYtwBQasNjxFs0UwYq1umq:vLeTNYnARWJOKsNFFszwYq1u7

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://147.45.44.131/infopage/rwtvha.exe

exe.dropper

http://147.45.44.131/infopage/rwtvha.exe

Extracted

Family

vidar

Botnet

fc0stn

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

- Target
  
  IPTVPlayerTOP+AtlasVPN.rar
- Size
  
  15KB
- MD5
  
  68f863696b16de41cbf5f0e7ec14968d
- SHA1
  
  bfcaa52f41706d149f3ff65bccbe981eb639fbe7
- SHA256
  
  3e6a57b6588c5f28123ac53555fb31aa7cd1952762ce0ec0723265cda6cc7ebd
- SHA512
  
  2a08d8249414b60aa1952ed3f6e211792e531e629fa3cd363865118426cf80f8f55b3bc0f3942992445312abfdcfde8cca3c55b23aa25bf25bb2d10c02448b05
- SSDEEP
  
  384:qyfLeT1nNHinOqm9R3iUemIYtwBQasNjxFs0UwYq1umq:vLeTNYnARWJOKsNFFszwYq1u7
Score

1^/10
behavioral1 behavioral2
- Target
  
  Description.txt
- Size
  
  6KB
- MD5
  
  8e69aceca489d24d721dafd39b77df40
- SHA1
  
  6f1d312de700f3473910dfb0cf7d9df81daa0ff8
- SHA256
  
  43b5073b0a2e6dc9c22f2ea7c85e41bf2a538ff3ee0a59cfdf363f56856528eb
- SHA512
  
  3dad6d2f66feb4fda599e443503046d3e9339033d9f86383764763b737e76b9c0e1cd8e55eae1f5fecf24230b35781905c12464c57196285b03fa9d222f5ec6a
- SSDEEP
  
  48:xOoMMMMMMMMMMM2MMMMMMMMMMrO1ibGgFp3QQBnn6G6VEUHvuGlO7igWWPIqOr4a:0/123n63VhGkG52n
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup.rar
- Size
  
  13KB
- MD5
  
  328e4fd31019c6526ca07e7b2877c163
- SHA1
  
  694004352c2d360f7260768879db399c2d945ab8
- SHA256
  
  844429cc84d4e82e492c68bbae2db4c7988b237d2a4ad3c94cca0273155b1ffb
- SHA512
  
  567c29f2d0f00e21e5004e750bbd468de634f2436ac783442b23527e24a7771d3f3910673ad0e669f6d52876dd72b517fd083a570187c8af84a4f290430867e9
- SSDEEP
  
  384:pPcte+fV/FnfqkEDJ8aP1w6go3F3WBIWEt:KRfVwfaaP1YLXq
Score

1^/10
behavioral5 behavioral6
- Target
  
  Setup/Client SDK/ODBC/170/License Terms/License_msodbcsql_ENU.txt
- Size
  
  11KB
- MD5
  
  07cf3e505b9c844de73d54d0159e55ec
- SHA1
  
  3db89b017a4ca9ed90ae1297dc25ffd7dde5df63
- SHA256
  
  c80b4a4bcc21fe489e877d8cc7b3f3cfe4943801c4bc899a0f3c82244fa0f28a
- SHA512
  
  2b954d025a2278a459445fe809d3ff425797220ed500dfac120991bc1130fbafc4d5025b790aa4d1e84d8d1897f50608b3b3d9e9c111f95bface79d8791bbd3b
- SSDEEP
  
  192:MS8fRlsLqbBDLonGehWyeusZithrBTNH5xc1eKB5wcp6aFWgHSs:MS8fRljbBnoHFeus+rpNH5+1PDDp6aFZ
Score

1^/10
behavioral7 behavioral8
- Target
  
  Setup/DAC/bin/Redist_DACFramework.txt
- Size
  
  18B
- MD5
  
  1f2cb924ab7c6c964d77c6a61098ff57
- SHA1
  
  efa42f9dc9d3c95179613c1afabd7906e86d4a42
- SHA256
  
  16f191e6355d32099b7f25945270f621bef6f92b3e5c1da178bc21e60912b470
- SHA512
  
  7aa55921af23ae4b9456cd3317391c8d8b927e266ef41a0e41c89a68798d7c53c62f730ee71977f3d465be3c8510a68e5ebabde73ea183b4c94af867daa209a7
Score

1^/10
behavioral10 behavioral9
- Target
  
  Setup/DAC/bin/en/License_DACFx.txt
- Size
  
  13KB
- MD5
  
  5331bac43e1da20a9cf5b9bd4ee4f83a
- SHA1
  
  83f5cd92320abc367e4215f98c78ecaedec5f56b
- SHA256
  
  fba02491e20b9de7ed50476145904f4a130aa2ad6de15c4e55b63368263f6fe8
- SHA512
  
  0806679ecb8c5ea459092cbf7d5b030ed41eb596399f95770f5b4e95b3a70f46b8099c29cbfab292398b0bc03e76b0ad049a29ecb49b7aff81bca84dede4d2a8
- SSDEEP
  
  192:MXeJZVu+P8Fg3AMehbVPoIszXgIBtClbZkk8Z8Sfgn82Cb3:8eJrlahxoIi1BtCnkzBfxb3
Score

1^/10
behavioral11 behavioral12
- Target
  
  Setup/License Terms/License_SQLNCLI_ENU.txt
- Size
  
  13KB
- MD5
  
  3666ab3b60d527211ba53203bef9f911
- SHA1
  
  f63f946eb36414c845b4faa826379b5d84fd8f11
- SHA256
  
  9cfec87cb1fe913126aa50811a09d34f494d9917b2958ed2b9056744aed26a35
- SHA512
  
  bb5c4515ae0fbf10094e638ac6ddd033a6c72398ded656e02448aaff77e4c5c936a7584fd66b9838e66edd5b85d0c7de3dd456422c3a0a9348b87d2b24c47eed
- SSDEEP
  
  192:8JZVu+P8MXkdg3A8ehborIKzXdIotKlSCkk8Z8SfZn82Cb3:8JrLk+KhsrIYaotKtkzBfgb3
Score

1^/10
behavioral13 behavioral14
- Target
  
  Setup/Setup-install.bat
- Size
  
  10KB
- MD5
  
  13a2664aae1f59fe0dc94ff8fb4dfa06
- SHA1
  
  a783e4b0513e16b06fa7872e454860642148957e
- SHA256
  
  7b9db02ad489193d1b9a5d7d7edc41a69cbc69d5e15d8267c2bf52a25dd434f3
- SHA512
  
  082265517a550bb06f513ddc807536de67a0c8e6531897f4b27d2772bdcbd8307541d83e4d44c9c54beb86d326367716df3dffd29d3ba35077d6afc11477ebbc
- SSDEEP
  
  48:syolccKcrr30cFmyPYlyhhcKKIcKKWjJcKz3EcKcKcKfJiPhcK6cKEl559HccG5p:oXtCZuMdpf4a
Score

10^/10

execution vidar fc0stn google discovery phishing stealer
- Detected google phishing page
  phishing google
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detected google phishing page

Vidar family

Blocklisted process makes network request

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16