General
-
Target
61c8ae9a56d98e1b23591deba30b0c3df73657b1538da56255337e81338380e6
-
Size
2.1MB
-
Sample
240521-ytdzksgh9w
-
MD5
6e4c4c16eb0a8ace6eff45bbf4af78b0
-
SHA1
42f77ba20d965dd92b11b6de3daee169145ecfbd
-
SHA256
61c8ae9a56d98e1b23591deba30b0c3df73657b1538da56255337e81338380e6
-
SHA512
db8609ce4490594e576cb1c9991864ab259fa84f1879105bc10048b752605081bb42b4782cd6fcffcfc881ca75915e45e7eaba602cb2591b977f9500fbdffe53
-
SSDEEP
49152:N6uDuaS9refe4JtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9L4tIuoITsdZ
Malware Config
Extracted
stealc
Targets
-
-
Target
61c8ae9a56d98e1b23591deba30b0c3df73657b1538da56255337e81338380e6
-
Size
2.1MB
-
MD5
6e4c4c16eb0a8ace6eff45bbf4af78b0
-
SHA1
42f77ba20d965dd92b11b6de3daee169145ecfbd
-
SHA256
61c8ae9a56d98e1b23591deba30b0c3df73657b1538da56255337e81338380e6
-
SHA512
db8609ce4490594e576cb1c9991864ab259fa84f1879105bc10048b752605081bb42b4782cd6fcffcfc881ca75915e45e7eaba602cb2591b977f9500fbdffe53
-
SSDEEP
49152:N6uDuaS9refe4JtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9L4tIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-