General
-
Target
9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d.exe
-
Size
2.1MB
-
Sample
240522-cfzhgaha4t
-
MD5
cce7a4c98202476cb31c37b50e93dae9
-
SHA1
6547c6de2a4256ec3e5409ea31fee6106fd17d2c
-
SHA256
9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d
-
SHA512
3ae818bf483833725e5cf2a8f15e1a4449f21233d71fec581d470527853b256a18a475ef7b33ec3d46624af9e8e59271fcf84bea27eb3ac3f3ccd08814d017f1
-
SSDEEP
49152:N6uDuaS9refukJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9TktIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
Targets
-
-
Target
9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d.exe
-
Size
2.1MB
-
MD5
cce7a4c98202476cb31c37b50e93dae9
-
SHA1
6547c6de2a4256ec3e5409ea31fee6106fd17d2c
-
SHA256
9bf701fa1bfe9f06c262e262bd6e32fce87d195c6e0ede25dd1e8339bde1b39d
-
SHA512
3ae818bf483833725e5cf2a8f15e1a4449f21233d71fec581d470527853b256a18a475ef7b33ec3d46624af9e8e59271fcf84bea27eb3ac3f3ccd08814d017f1
-
SSDEEP
49152:N6uDuaS9refukJtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9TktIuoITsdZ
-
Detect Vidar Stealer
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-