General
-
Target
09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff.exe
-
Size
377KB
-
Sample
240503-bjcx7sbc3z
-
MD5
1a6b4d357d1b8bab80524e40be1b2698
-
SHA1
70961ace92a0ebfdb38ae27a22181fb5a4f7d440
-
SHA256
09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff
-
SHA512
67484dcb04fc15b09b88679fd3ac860991cebe97c07a27bf9e425e8277def7f61d244690ee582c2be72d0dda3fa486b53382f3e3ad368602d176c5f72a77de67
-
SSDEEP
6144:NqW5NIK5m09C0h5t4mnNpZO+Ua2PsQxDnK6gDelK88JqeGq0DLt+7SHo:8W5NIYF4mnZO+Ua2zxDnKrZJqtHLt+mI
Malware Config
Extracted
stealc
Extracted
vidar
9.3
03cea2609023d13f145ac6c5dc897112
https://steamcommunity.com/profiles/76561199680449169
https://t.me/r1g1o
-
profile_id_v2
03cea2609023d13f145ac6c5dc897112
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Targets
-
-
Target
09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff.exe
-
Size
377KB
-
MD5
1a6b4d357d1b8bab80524e40be1b2698
-
SHA1
70961ace92a0ebfdb38ae27a22181fb5a4f7d440
-
SHA256
09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff
-
SHA512
67484dcb04fc15b09b88679fd3ac860991cebe97c07a27bf9e425e8277def7f61d244690ee582c2be72d0dda3fa486b53382f3e3ad368602d176c5f72a77de67
-
SSDEEP
6144:NqW5NIK5m09C0h5t4mnNpZO+Ua2PsQxDnK6gDelK88JqeGq0DLt+7SHo:8W5NIYF4mnZO+Ua2zxDnKrZJqtHLt+mI
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Suspicious use of SetThreadContext
-