General
Target: 98548553b0f07b01c917a3c94f3dc88ebcd856b7c7b6ef1cd1c51051f83efc6b
Size: 2.0MB
Sample: 240522-2dkc7sbc5w
MD5: e0a64ce738c511638a9daaf1c9049475
SHA1: 30c3234419fcd5489ef6a6eb2310ed1441de9c44
SHA256: 98548553b0f07b01c917a3c94f3dc88ebcd856b7c7b6ef1cd1c51051f83efc6b
SHA512: 4970812501ea327631f5930005c918bd464bc0d40d953db92065826287d2afaad82ff5196952f444939ef14508d7f371f1affd63bf7340c466ec0fbae7d36334
SSDEEP: 49152:7QzHt472DmJtTF+TxMoxc1TU+j+dAzGwlrh:7QzHtItIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
98548553b0f07b01c917a3c94f3dc88ebcd856b7c7b6ef1cd1c51051f83efc6b.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
stealc
Targets
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-