stealc | 53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e
Size

1.8MB
Sample

240523-fb9z7aeb6z
MD5

58770eb5bedf4fc2dab2db6ddc290c04
SHA1

4f6389348b0d50171081cd0aeb67eead61b9ab3a
SHA256

53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e
SHA512

db37949bed7994ba7f0383bc4a664716b8cbd6f340173284fd9b996018210e18983e0c31542f19f41aa5a643890914b5cec57fe004b3d535e404c7c2def7a938
SSDEEP

24576:FBfuZfeq6slO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qF3JtTF+TxMoxc1TU+j+dAzGwlrh

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e.exe

Resource

win11-20240426-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e
- Size
  
  1.8MB
- MD5
  
  58770eb5bedf4fc2dab2db6ddc290c04
- SHA1
  
  4f6389348b0d50171081cd0aeb67eead61b9ab3a
- SHA256
  
  53bd2c768909ff79fa0a51c66d069cd8e032854934e4e3fd78f6b7f2ad740b7e
- SHA512
  
  db37949bed7994ba7f0383bc4a664716b8cbd6f340173284fd9b996018210e18983e0c31542f19f41aa5a643890914b5cec57fe004b3d535e404c7c2def7a938
- SSDEEP
  
  24576:FBfuZfeq6slO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qF3JtTF+TxMoxc1TU+j+dAzGwlrh
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy