General
-
Target
https://amssh.co/file.exe
-
Sample
250418-yfjynsttcx
Score
10/10
Malware Config
Extracted
Family
vidar
Version
13.5
Botnet
c466785b3a34d7b3c4d6db04a068b664
C2
https://t.me/v00rd
https://steamcommunity.com/profiles/76561199846773220
Attributes
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Targets
-
-
Target
https://amssh.co/file.exe
Score10/10-
Detect Vidar Stealer
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-