General

  • Target

    67ce4c64ef21d45c21bea19ad3fd022c2629332fbb3a91f8452f7357a049c7d0

  • Size

    290KB

  • Sample

    240511-hw34gsfc69

  • MD5

    ad9f7ab4360b83380d9431c32142959a

  • SHA1

    8b4b9fd7f560bde7d50a374fdecdaf330b1a299d

  • SHA256

    67ce4c64ef21d45c21bea19ad3fd022c2629332fbb3a91f8452f7357a049c7d0

  • SHA512

    19737b77f892b062c5b9e13b22d53c4adb253e0b48e72d74360bed9bc72790e3e440ed9f630a459bc7c6eaf80cfec82ee8aab6f668ed1ed226dd75932be1f00c

  • SSDEEP

    6144:dVz3Cm0evQ12Y2fLE3JFwYxYrad8e1rLQEYMkj5kLn1iVgfsRiP:ddsev632fLE3J2YQelLHY/Nqn13soP

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

9.6

Botnet

681a223bec180ebfdc48547d3d5bd784

C2

https://steamcommunity.com/profiles/76561199681720597

https://t.me/talmatin

Attributes
  • profile_id_v2

    681a223bec180ebfdc48547d3d5bd784

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0

Targets

    • Target

      9ca6f73f7f915ad1b27b1e3901c5d89ff829f9cd146812077fa1c2e295338ce8.exe

    • Size

      363KB

    • MD5

      ea0081722a86c3016aa249262483c7ca

    • SHA1

      c6fe97dc6211dcbd732619a11f7a525b800765e4

    • SHA256

      9ca6f73f7f915ad1b27b1e3901c5d89ff829f9cd146812077fa1c2e295338ce8

    • SHA512

      e03e5077b5ecd2991e87589f133c84a991853caf507476d6b385a2977789296225cce347d71fe836a03fccf71054d56e24cdc8bd4aeee6e1bb0f14e624cf3089

    • SSDEEP

      6144:pZPllhS4qdxjPxUUsTl0+ruzXgU+t8YY6FZZFWKM+MsMk91EknZcHZmmKU:zt/SNRezujgUM8YhPFWKM+MsMaVZcHxh

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks