stealc | 499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0
Size

1.8MB
Sample

240523-f4sllsfb4y
MD5

abe4e9fa070e244608de5b4399b4a68b
SHA1

1fd797344cf1f2a5eb5d5caefe3af74716c0909e
SHA256

499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0
SHA512

1f5d1c4e06c718cb3aa0fdeffdbffc08cf9d1f7b9f4c68a282413f58d167b2ba4f849b0ebd69aef778f6f0cb13c71eaa73cc277f5597e9abef29f920ab054a3d
SSDEEP

24576:FBfuZfeq6sBO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFLJtTF+TxMoxc1TU+j+dAzGwlrh

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0
- Size
  
  1.8MB
- MD5
  
  abe4e9fa070e244608de5b4399b4a68b
- SHA1
  
  1fd797344cf1f2a5eb5d5caefe3af74716c0909e
- SHA256
  
  499d3fe234fccd8978cdc7263b54f719464050cd7e633ce6a64ee4acda9f67d0
- SHA512
  
  1f5d1c4e06c718cb3aa0fdeffdbffc08cf9d1f7b9f4c68a282413f58d167b2ba4f849b0ebd69aef778f6f0cb13c71eaa73cc277f5597e9abef29f920ab054a3d
- SSDEEP
  
  24576:FBfuZfeq6sBO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFLJtTF+TxMoxc1TU+j+dAzGwlrh
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy