General
-
Target
9b64f7e2da35e9ebfdcdb5cd59c20c22f0e6b9d76a7bb7977223641cc6fb049d
-
Size
1.8MB
-
Sample
240523-gv511sfh83
-
MD5
da1f953ac24cdfec86011d4e9eb5a897
-
SHA1
83915672f7d8b92170627bd7bab7cac358a8457a
-
SHA256
9b64f7e2da35e9ebfdcdb5cd59c20c22f0e6b9d76a7bb7977223641cc6fb049d
-
SHA512
0447bf4c1065963218788b73ea07ab3b14585785df9f1fccc758408bfa38e08ffaa29cfb4a16cea6897ec85302abdfb6b152b135830fd8ba3c54513a807598c2
-
SSDEEP
24576:FBfuZfeq6sVO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFHJtTF+TxMoxc1TU+j+dAzGwlrh
Malware Config
Extracted
stealc
Targets
-
-
Target
9b64f7e2da35e9ebfdcdb5cd59c20c22f0e6b9d76a7bb7977223641cc6fb049d
-
Size
1.8MB
-
MD5
da1f953ac24cdfec86011d4e9eb5a897
-
SHA1
83915672f7d8b92170627bd7bab7cac358a8457a
-
SHA256
9b64f7e2da35e9ebfdcdb5cd59c20c22f0e6b9d76a7bb7977223641cc6fb049d
-
SHA512
0447bf4c1065963218788b73ea07ab3b14585785df9f1fccc758408bfa38e08ffaa29cfb4a16cea6897ec85302abdfb6b152b135830fd8ba3c54513a807598c2
-
SSDEEP
24576:FBfuZfeq6sVO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFHJtTF+TxMoxc1TU+j+dAzGwlrh
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-