stealc | 84da3a03933420160dd928675e81ca1e46b132aee69680e0aac5b297624ebc6d | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 10:41

Sharing

Report Analysis Logs

General

Target

file.exe
Size

359KB
MD5

6aae5ad15e0ee9da87ab30971373a029
SHA1

2dd9bf3ee10067d4c365926768e8ee9ed0a4ec3b
SHA256

84da3a03933420160dd928675e81ca1e46b132aee69680e0aac5b297624ebc6d
SHA512

aa978aa7b038fe958c97d3e8622bed7d3d914495dd4ca3c247638793a32bf788224adc55310d5f01069179711f1225c8d4c1f089fecfe88ede15b95db61ec83d
SSDEEP

6144:DagQdkTUGJXOjv5o1SDQBdmoclENDznZhnMU+YU+1P7p7K4UTi3r:mgSkTUGRODeBCEBthw+1P3Eor

Score

10^/10

stealc vidar stealer

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2036-0-0x00000000008E0000-0x000000000093E000-memory.dmp	family_vidar_v7

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2364 2036 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 2036 wrote to memory of 2364	2036	file.exe	WerFault.exe
PID 2036 wrote to memory of 2364	2036	file.exe	WerFault.exe
PID 2036 wrote to memory of 2364	2036	file.exe	WerFault.exe
PID 2036 wrote to memory of 2364	2036	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 48
2⤵
- Program crash
PID:2364

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-0-0x00000000008E0000-0x000000000093E000-memory.dmp

Filesize
376KB

Download