General
Target: a5ab3633d41509db0d29ff1236e81a6cbf3756f3a4ec3cced1e63b858232a76b
Size: 2.0MB
Sample: 240520-2q9hvsag8y
MD5: d57e7837d66f9b4cfeb2565b476a281e
SHA1: 503dac4727eb8b6242f3ab89a6fdf607271843a5
SHA256: a5ab3633d41509db0d29ff1236e81a6cbf3756f3a4ec3cced1e63b858232a76b
SHA512: 13fd27797feaa40a75ebcb4c81fc08dfd933a280f03ccaea893cdf24642589144e5dc2d4a2e9b11131ee71e935e49b9d306ec6ce7d265014ef7ad00c6a516c28
SSDEEP: 49152:IFno/jfwJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jotIuoITsdZT
Static task: static1
Behavioral task: behavioral1
Sample: a5ab3633d41509db0d29ff1236e81a6cbf3756f3a4ec3cced1e63b858232a76b.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Targets
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext