Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
Pulse ID: 6a02ae6f8736a6b944d7d662
Pulse Link: https://otx.alienvault.com/pulse/6a02ae6f8736a6b944d7d662
Pulse Author: Tr1sa111
Created: 2026-05-12 04:37:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #Tr1sa111
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
A sophisticated multi-stage infection chain was identified through proactive threat hunting, beginning with the execution of MicrosoftToolkit.exe, a commonly abused hack tool. The attack employed file masquerading techniques, renaming a .dot file to .bat format to evade detection. The malware performed process discovery and attempted to terminate security-related processes before extracting payloads using extract32.exe. An AutoIt-compiled executable (Replies.scr) functioned as a loader, processing an external encrypted payload file and establishing command-and-control communication with infrastructure associated with Vidar Stealer. The malware demonstrated advanced anti-analysis capabilities, including debugger detection and instrumentation callback queries. It targeted credentials, browser data, cryptocurrency wallets, and system information. Post-execution cleanup routines deleted artifacts and terminated processes to minimize forensic evidence and evade detection, significantly complicating incident res...
Pulse ID: 6a01c2382e61b490cfa457e4
Pulse Link: https://otx.alienvault.com/pulse/6a01c2382e61b490cfa457e4
Pulse Author: AlienVault
Created: 2026-05-11 11:49:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #Browser #CyberSecurity #InfoSec #Malware #Microsoft #Nim #OTX #OpenThreatExchange #RAT #Vidar #bot #cryptocurrency #AlienVault
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
Pulse ID: 6a01c03c55b2d8cb451efc11
Pulse Link: https://otx.alienvault.com/pulse/6a01c03c55b2d8cb451efc11
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:40:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #CyberHunter_NL
📢 Vidar Stealer 2.0 distribué via de faux cheats de jeux sur GitHub et Reddit
📝 ## 🔍 Contexte
Publié le 24 mars 2026 par Acronis Threat Research Unit (TRU), cet article présente une analys...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-24-vidar-stealer-2-0-distribue-via-de-faux-cheats-de-jeux-sur-github-et-reddit/
🌐 source : https://www.acronis.com/en/tru/posts/vidar-stealer-20-distributed-via-fake-game-cheats-on-github-and-reddit/
#AutoIt #GitHub_abuse #Cyberveille
Мой соавтор — DeepSeek
Эта статья о моем опыте сотрудничества с DeepSeek в разработке некоторых поделок на различных языках программирования.Раньше писал на этих языках, но без помощи ИИ.
Overview AutoIt v3.3.18.0 has been released. Thanks to everyone involved in creating this release and everyone who continues to download and support AutoIt. Please use the forum to discuss any technical issues with AutoIt. History Please see these pages for release notes and any important changes to be aware of this version. Other Articles You May […]
OTX Bot
CyberVeille.ch
Habr
Ramon van Belzen
lazarusholic
