stealc | a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24
Size

1.8MB
Sample

240523-h4mrgahc5s
MD5

d0430790be25ce4a3a45af0553a3d057
SHA1

b2150a6adc261868c0816d089c840d1a417fe8ef
SHA256

a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24
SHA512

940dead6a4f44a4fca8760dc62b054261799670091d81c8cd996d2515ea85b408cdf52a33b7b0dfe409ea8e1b6e9b605ed9d2a7d67cf15828d144ba68aad4e80
SSDEEP

24576:FBfuZfeq6sdO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFPJtTF+TxMoxc1TU+j+dAzGwlrh

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24
- Size
  
  1.8MB
- MD5
  
  d0430790be25ce4a3a45af0553a3d057
- SHA1
  
  b2150a6adc261868c0816d089c840d1a417fe8ef
- SHA256
  
  a196c14ae3a671eed1e664eeda46769128e7600bd0e4fac96beb9fecb789ea24
- SHA512
  
  940dead6a4f44a4fca8760dc62b054261799670091d81c8cd996d2515ea85b408cdf52a33b7b0dfe409ea8e1b6e9b605ed9d2a7d67cf15828d144ba68aad4e80
- SSDEEP
  
  24576:FBfuZfeq6sdO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFPJtTF+TxMoxc1TU+j+dAzGwlrh
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy