General
-
Target
8a6fcbbaeba40a7708df130f0537981cf3e5a0e812afcb3ebc46a319d3abe0ae
-
Size
1.8MB
-
Sample
240523-hcc3ysgd86
-
MD5
12f7cf374e153af525a37e7157e11c10
-
SHA1
3231c4dc99f5d72ec6c0fc4af94e47384ddda8d3
-
SHA256
8a6fcbbaeba40a7708df130f0537981cf3e5a0e812afcb3ebc46a319d3abe0ae
-
SHA512
f3a48045330be8ac9b3b5e591d4037de4401463840df33a75bd30f6ce39d9f86f4ec691a97241efc01edf54ccd2db0983319f390a614efab76bace8941f0b01e
-
SSDEEP
24576:FBfuZfeq6sxO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFbJtTF+TxMoxc1TU+j+dAzGwlrh
Malware Config
Extracted
stealc
Targets
-
-
Target
8a6fcbbaeba40a7708df130f0537981cf3e5a0e812afcb3ebc46a319d3abe0ae
-
Size
1.8MB
-
MD5
12f7cf374e153af525a37e7157e11c10
-
SHA1
3231c4dc99f5d72ec6c0fc4af94e47384ddda8d3
-
SHA256
8a6fcbbaeba40a7708df130f0537981cf3e5a0e812afcb3ebc46a319d3abe0ae
-
SHA512
f3a48045330be8ac9b3b5e591d4037de4401463840df33a75bd30f6ce39d9f86f4ec691a97241efc01edf54ccd2db0983319f390a614efab76bace8941f0b01e
-
SSDEEP
24576:FBfuZfeq6sxO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFbJtTF+TxMoxc1TU+j+dAzGwlrh
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-