stealc | 688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a
Size

2.0MB
Sample

240522-zg6z9sga25
MD5

d360ab70d33011e92130c42526f09a87
SHA1

3336a3fb67eaecc85734cfed1ad18fae79f6409d
SHA256

688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a
SHA512

9632ccacc5c85983fe57f72c766fcc39decf99601c6e8c51b05c78ba76bd5a8f57a6e9a3bab8272138edef7b0f094317c398b79cb20cac1be377bc54863b2c77
SSDEEP

49152:7QzHt472DAJtTF+TxMoxc1TU+j+dAzGwlrh:7QzHt6tIuoITsdZ

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a.exe

Resource

win11-20240426-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a
- Size
  
  2.0MB
- MD5
  
  d360ab70d33011e92130c42526f09a87
- SHA1
  
  3336a3fb67eaecc85734cfed1ad18fae79f6409d
- SHA256
  
  688be43c5df4f384feb809364feaf42a64988128bf8e873c3f7a3e31ab23d85a
- SHA512
  
  9632ccacc5c85983fe57f72c766fcc39decf99601c6e8c51b05c78ba76bd5a8f57a6e9a3bab8272138edef7b0f094317c398b79cb20cac1be377bc54863b2c77
- SSDEEP
  
  49152:7QzHt472DAJtTF+TxMoxc1TU+j+dAzGwlrh:7QzHt6tIuoITsdZ
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy