General
-
Target
1eda8bb6918fa03d2c4a8a0a8b3dcdc103529a2584e72a794764db21dd579fcc
-
Size
2.0MB
-
Sample
240522-24tdssce75
-
MD5
ad83c901293c414734bd92cd47babe3a
-
SHA1
89165208134c4bbe9fb2ccf4bd7f5af316f2a19c
-
SHA256
1eda8bb6918fa03d2c4a8a0a8b3dcdc103529a2584e72a794764db21dd579fcc
-
SHA512
5c41b6210999a1bb451c614ced3e00f83798f5a1d937f82cef46f52057779ef30f91f8c667ff9dd24966f1073db9ee45eca2745579b399cd8be05d47d6d27439
-
SSDEEP
49152:7QzHt472DtJtTF+TxMoxc1TU+j+dAzGwlrh:7QzHt7tIuoITsdZ
Malware Config
Extracted
stealc
Targets
-
-
Target
1eda8bb6918fa03d2c4a8a0a8b3dcdc103529a2584e72a794764db21dd579fcc
-
Size
2.0MB
-
MD5
ad83c901293c414734bd92cd47babe3a
-
SHA1
89165208134c4bbe9fb2ccf4bd7f5af316f2a19c
-
SHA256
1eda8bb6918fa03d2c4a8a0a8b3dcdc103529a2584e72a794764db21dd579fcc
-
SHA512
5c41b6210999a1bb451c614ced3e00f83798f5a1d937f82cef46f52057779ef30f91f8c667ff9dd24966f1073db9ee45eca2745579b399cd8be05d47d6d27439
-
SSDEEP
49152:7QzHt472DtJtTF+TxMoxc1TU+j+dAzGwlrh:7QzHt7tIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-