vidar | 3e6a57b6588c5f28123ac53555fb31aa7cd1952762ce0ec0723265cda6cc7ebd | Triage

Sharing

General

Target

IPTVPlayerTOP+AtlasVPN.rar
Size

15KB
Sample

250122-bbpa9szmbs
MD5

68f863696b16de41cbf5f0e7ec14968d
SHA1

bfcaa52f41706d149f3ff65bccbe981eb639fbe7
SHA256

3e6a57b6588c5f28123ac53555fb31aa7cd1952762ce0ec0723265cda6cc7ebd
SHA512

2a08d8249414b60aa1952ed3f6e211792e531e629fa3cd363865118426cf80f8f55b3bc0f3942992445312abfdcfde8cca3c55b23aa25bf25bb2d10c02448b05
SSDEEP

384:qyfLeT1nNHinOqm9R3iUemIYtwBQasNjxFs0UwYq1umq:vLeTNYnARWJOKsNFFszwYq1u7

Score

10^/10

vidar fc0stn discovery execution stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://147.45.44.131/infopage/rwtvha.exe

exe.dropper

http://147.45.44.131/infopage/rwtvha.exe

Extracted

Family

vidar

Botnet

fc0stn

C2

https://t.me/w0ctzn

https://steamcommunity.com/profiles/76561199817305251

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Targets

- Target
  
  Setup/Setup-install.bat
- Size
  
  10KB
- MD5
  
  13a2664aae1f59fe0dc94ff8fb4dfa06
- SHA1
  
  a783e4b0513e16b06fa7872e454860642148957e
- SHA256
  
  7b9db02ad489193d1b9a5d7d7edc41a69cbc69d5e15d8267c2bf52a25dd434f3
- SHA512
  
  082265517a550bb06f513ddc807536de67a0c8e6531897f4b27d2772bdcbd8307541d83e4d44c9c54beb86d326367716df3dffd29d3ba35077d6afc11477ebbc
- SSDEEP
  
  48:syolccKcrr30cFmyPYlyhhcKKIcKKWjJcKz3EcKcKcKfJiPhcK6cKEl559HccG5p:oXtCZuMdpf4a
Score

10^/10

vidar fc0stn discovery execution stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidarfc0stndiscoveryexecutionstealer