General
-
Target
2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
-
Size
1.8MB
-
Sample
240523-ggelxafe7t
-
MD5
e32e58ceac06cb2a19b34aa8e4d758fa
-
SHA1
96de9b6c74226a74bbb4cf414bc30118e080a17a
-
SHA256
2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
-
SHA512
af0859d4c293cc97541f42cf325b4b19145036ec515eb19c76e2c27cf761ec9e3f69ef23804d9cf6d12263f01ad6820d8b86a097721cbc9b80e9a6b5dba000d5
-
SSDEEP
24576:FBfuZfeq6sJO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFTJtTF+TxMoxc1TU+j+dAzGwlrh
Malware Config
Extracted
stealc
Targets
-
-
Target
2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
-
Size
1.8MB
-
MD5
e32e58ceac06cb2a19b34aa8e4d758fa
-
SHA1
96de9b6c74226a74bbb4cf414bc30118e080a17a
-
SHA256
2f5c9195bdae334a58000ec35d3551f6f20ca56d203f5a916d75131ea30953e2
-
SHA512
af0859d4c293cc97541f42cf325b4b19145036ec515eb19c76e2c27cf761ec9e3f69ef23804d9cf6d12263f01ad6820d8b86a097721cbc9b80e9a6b5dba000d5
-
SSDEEP
24576:FBfuZfeq6sJO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFTJtTF+TxMoxc1TU+j+dAzGwlrh
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-