stealc | 2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11
Size

1.8MB
Sample

240523-fkc2taed7v
MD5

6a1abc77d2ae05a0bfe64a5e95f7ea0c
SHA1

15153cd0ce8e5b61632594d2c8b339d2275d03f1
SHA256

2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11
SHA512

125bdbbc37227e5236a4e6fd0cc3797714134b2b22e84709d785f31043bd1724af31008077f6f0cec69e9d8f02d2f2a9182a63c62fd1d6ed05881e933da9aa73
SSDEEP

24576:FBfuZfeq6s9O6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFvJtTF+TxMoxc1TU+j+dAzGwlrh

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11.exe

Resource

win11-20240419-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11
- Size
  
  1.8MB
- MD5
  
  6a1abc77d2ae05a0bfe64a5e95f7ea0c
- SHA1
  
  15153cd0ce8e5b61632594d2c8b339d2275d03f1
- SHA256
  
  2067bf2e9d92710e6800d8f92c56d5d8831daa9b66190d1b02afa445abf80b11
- SHA512
  
  125bdbbc37227e5236a4e6fd0cc3797714134b2b22e84709d785f31043bd1724af31008077f6f0cec69e9d8f02d2f2a9182a63c62fd1d6ed05881e933da9aa73
- SSDEEP
  
  24576:FBfuZfeq6s9O6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFvJtTF+TxMoxc1TU+j+dAzGwlrh
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy