General
-
Target
75a414c059c9037deecff0b3438ff11bc0bd4ce9668b502263ea20ab0265bcf0
-
Size
2.0MB
-
Sample
240522-bj4e6afg4z
-
MD5
505cd3c074186e050537b91bd31a201f
-
SHA1
227b09b536de6c9c7380ec293e5b6fa563af5270
-
SHA256
75a414c059c9037deecff0b3438ff11bc0bd4ce9668b502263ea20ab0265bcf0
-
SHA512
578648e9c99138bbcb540e081a89cfa768288c88c8d36269f5761d1ab2053fdcdd636a98a76cbf077dbd5e28e0968465a831e5d90e4f5f4e3121e52658c02978
-
SSDEEP
49152:IFno/jfoJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jAtIuoITsdZT
Static task
static1
Behavioral task
behavioral1
Sample
75a414c059c9037deecff0b3438ff11bc0bd4ce9668b502263ea20ab0265bcf0.exe
Resource
win7-20231129-en
Malware Config
Extracted
stealc
Targets
-
-
Target
75a414c059c9037deecff0b3438ff11bc0bd4ce9668b502263ea20ab0265bcf0
-
Size
2.0MB
-
MD5
505cd3c074186e050537b91bd31a201f
-
SHA1
227b09b536de6c9c7380ec293e5b6fa563af5270
-
SHA256
75a414c059c9037deecff0b3438ff11bc0bd4ce9668b502263ea20ab0265bcf0
-
SHA512
578648e9c99138bbcb540e081a89cfa768288c88c8d36269f5761d1ab2053fdcdd636a98a76cbf077dbd5e28e0968465a831e5d90e4f5f4e3121e52658c02978
-
SSDEEP
49152:IFno/jfoJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jAtIuoITsdZT
-
Detect Vidar Stealer
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-