General
-
Target
33e056fb72b509ee2320b65dc39e8fcd3c0446855df5675cc899ed6be311e354
-
Size
1.8MB
-
Sample
240523-g14p5sga99
-
MD5
a5f35c15db22b59af71ef7d874db0242
-
SHA1
80d2898cdd8d21b342a257361696c9526f437865
-
SHA256
33e056fb72b509ee2320b65dc39e8fcd3c0446855df5675cc899ed6be311e354
-
SHA512
a69587f1e7be090d6137b756e56d4f0dadf7a7ea82cda59a072a318644bb9a9c619928250e99d5d6b64b9161d0581d3c533a5415fda57ddfeafdb05a70e292fa
-
SSDEEP
24576:FBfuZfeq6sNO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFfJtTF+TxMoxc1TU+j+dAzGwlrh
Malware Config
Extracted
stealc
Targets
-
-
Target
33e056fb72b509ee2320b65dc39e8fcd3c0446855df5675cc899ed6be311e354
-
Size
1.8MB
-
MD5
a5f35c15db22b59af71ef7d874db0242
-
SHA1
80d2898cdd8d21b342a257361696c9526f437865
-
SHA256
33e056fb72b509ee2320b65dc39e8fcd3c0446855df5675cc899ed6be311e354
-
SHA512
a69587f1e7be090d6137b756e56d4f0dadf7a7ea82cda59a072a318644bb9a9c619928250e99d5d6b64b9161d0581d3c533a5415fda57ddfeafdb05a70e292fa
-
SSDEEP
24576:FBfuZfeq6sNO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFfJtTF+TxMoxc1TU+j+dAzGwlrh
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-