stealc

General

Target

9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d.exe
Size

2.1MB
Sample

240522-cfzhgaha4t
MD5

cce7a4c98202476cb31c37b50e93dae9
SHA1

6547c6de2a4256ec3e5409ea31fee6106fd17d2c
SHA256

9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d
SHA512

3ae818bf483833725e5cf2a8f15e1a4449f21233d71fec581d470527853b256a18a475ef7b33ec3d46624af9e8e59271fcf84bea27eb3ac3f3ccd08814d017f1
SSDEEP

49152:N6uDuaS9refukJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9TktIuoITsdZ

Score

10^/10

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d.exe
- Size
  
  2.1MB
- MD5
  
  cce7a4c98202476cb31c37b50e93dae9
- SHA1
  
  6547c6de2a4256ec3e5409ea31fee6106fd17d2c
- SHA256
  
  9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d
- SHA512
  
  3ae818bf483833725e5cf2a8f15e1a4449f21233d71fec581d470527853b256a18a475ef7b33ec3d46624af9e8e59271fcf84bea27eb3ac3f3ccd08814d017f1
- SSDEEP
  
  49152:N6uDuaS9refukJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9TktIuoITsdZ
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2