stealc

General

Target

0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf.exe
Size

349KB
Sample

240508-blcefsdb66
MD5

b9773393891d9cc471cd58cac09052dd
SHA1

784a14954c7abca7d7e2e92c60b93557238426f4
SHA256

0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf
SHA512

72a669e736ecfc5422a07542e15cad7d82b9ae41591f4c375e31fa4dc2d70f620b44ff19b5b6d0928aac3cf244a3143af433d47eeaa3c5c6b9968cf71d1e6848
SSDEEP

6144:Dqv0Ib3JJzx1MfjF+N33l3+YBVYjZ7eZH9PJWweK/ojy8Kkc2ivFt+0P:Gb3TEbF+13NPYd6B9lcdFBsPP

Score

10^/10

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

9.4

Botnet

ad7dbf02afc50b46afd33ddc12f41082

C2

https://steamcommunity.com/profiles/76561199680449169

https://t.me/r1g1o

Attributes

profile_id_v2
ad7dbf02afc50b46afd33ddc12f41082
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0

Targets

- Target
  
  0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf.exe
- Size
  
  349KB
- MD5
  
  b9773393891d9cc471cd58cac09052dd
- SHA1
  
  784a14954c7abca7d7e2e92c60b93557238426f4
- SHA256
  
  0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf
- SHA512
  
  72a669e736ecfc5422a07542e15cad7d82b9ae41591f4c375e31fa4dc2d70f620b44ff19b5b6d0928aac3cf244a3143af433d47eeaa3c5c6b9968cf71d1e6848
- SSDEEP
  
  6144:Dqv0Ib3JJzx1MfjF+N33l3+YBVYjZ7eZH9PJWweK/ojy8Kkc2ivFt+0P:Gb3TEbF+13NPYd6B9lcdFBsPP
Score

10^/10

stealc vidar zgrat ad7dbf02afc50b46afd33ddc12f41082 rat stealer
- Detect Vidar Stealer
  stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect Vidar Stealer

Detect ZGRat V1

Vidar

ZGRat

Detect binaries embedding considerable number of MFA browser extension IDs.

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects Windows executables referencing non-Windows User-Agents

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

Detects executables containing potential Windows Defender anti-emulation checks

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2