crealstealer | 08d20e9870aa598bfb01836af105778d40c41da7a421046b28b474bfa720dc2f | Triage

Submit
Reports

Overview

overview

Static

static

W.exe

windows10-2004-x64

Resubmissions

10-02-2024 08:04

240210-jyhq1ahe5w 10

08-02-2024 12:04

240208-n8ngfsee49 10

08-02-2024 11:55

240208-n3qpmaee28 10

Sharing

General

Target

W.exe
Size

15.4MB
Sample

240210-jyhq1ahe5w
MD5

10a8d72bff104e8c01501c8efecc615b
SHA1

36a8ec8597731f51d3a51fc50c123fc84e9af979
SHA256

08d20e9870aa598bfb01836af105778d40c41da7a421046b28b474bfa720dc2f
SHA512

01361f9e85378281b3637218104d222cf672fb91a6a52ed5e9d2b44148cf9e2cab000f45670a59b8acb5ab55e3ad707a116f64652f20b7b35fb34594a6c49a70
SSDEEP

393216:4u7L/sQxSdQuslQq99oWOv+9rztzMK9x:4CL0QQdQuSDorvSr5zV7

Score

10^/10

crealstealer vidar 22f834b36c39209a5fa9900aee4897e0 pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

W.exe

Resource

win10v2004-20231215-en

vidar 22f834b36c39209a5fa9900aee4897e0 spyware stealer

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

22f834b36c39209a5fa9900aee4897e0

C2

https://t.me/newagev

https://steamcommunity.com/profiles/76561199631487327

Attributes

profile_id_v2
22f834b36c39209a5fa9900aee4897e0

Targets

- Target
  
  W.exe
- Size
  
  15.4MB
- MD5
  
  10a8d72bff104e8c01501c8efecc615b
- SHA1
  
  36a8ec8597731f51d3a51fc50c123fc84e9af979
- SHA256
  
  08d20e9870aa598bfb01836af105778d40c41da7a421046b28b474bfa720dc2f
- SHA512
  
  01361f9e85378281b3637218104d222cf672fb91a6a52ed5e9d2b44148cf9e2cab000f45670a59b8acb5ab55e3ad707a116f64652f20b7b35fb34594a6c49a70
- SSDEEP
  
  393216:4u7L/sQxSdQuslQq99oWOv+9rztzMK9x:4CL0QQdQuSDorvSr5zV7
Score

10^/10

vidar 22f834b36c39209a5fa9900aee4897e0 spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

vidar22f834b36c39209a5fa9900aee4897e0spywarestealer

© 2018-2025

Terms | Privacy