ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash f360d1285dafeecee7017cf50a531623e2526145331614fc010d2f361e34a83a.

Database Entry


IOC ID: 1775103
IOC: f360d1285dafeecee7017cf50a531623e2526145331614fc010d2f361e34a83a
IOC Type: sha256_hash
Threat Type: payload
Malware: Vidar
Confidence Level: High (100%)
Is compromised?: False
First seen: 2026-03-25 06:41:25 UTC
Last seen: never
UUID: a9334085-27be-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: ClickFix, Loader, steganography, Vidar

Lenny_3BO
Vidar Stealer .NET loader (XOR_Loader). Extracts payload from embedded BMP via XOR steganography (key "1111"). Process hollows into notepad.exe. Delivered via PowerShell ClickFix chain.