General

  • Target: 2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
  • Size: 1.8MB
  • Sample: 240523-ggelxafe7t
  • MD5: e32e58ceac06cb2a19b34aa8e4d758fa
  • SHA1: 96de9b6c74226a74bbb4cf414bc30118e080a17a
  • SHA256: 2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
  • SHA512: af0859d4c293cc97541f42cf325b4b19145036ec515eb19c76e2c27cf761ec9e3f69ef23804d9cf6d12263f01ad6820d8b86a097721cbc9b80e9a6b5dba000d5
  • SSDEEP: 24576:FBfuZfeq6sJO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFTJtTF+TxMoxc1TU+j+dAzGwlrh

Malware Config (Extracted)

  • Family: stealc
  • rc4.plain

Targets

    • Target: 2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2 (1.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Signatures

    • Detect Vidar Stealer
    • Stealc: Stealc is an infostealer written in C++.
    • Vidar: Vidar is an infostealer based on Arkei stealer.
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, etc.
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
    • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1
  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 1
  • Collection
    • Data from Local System (T1005): 1
