General
-
Target
79a8a05cc8390c81d05a519f362fda1cbc145907867c85b2a819c8dcb6660aaa
-
Size
1.8MB
-
Sample
240523-l29p1acf52
-
MD5
1881e115a57a40aa86493f5424972c04
-
SHA1
9ea6315817acb0f6a5e226f7482d1b8735b07133
-
SHA256
79a8a05cc8390c81d05a519f362fda1cbc145907867c85b2a819c8dcb6660aaa
-
SHA512
70e0b4f60514035f003797ff475cfd4693367bef4d3326dfc402da564b8d8317db816c81dd24679a302cf484718e705943907fff2a20930f419c2631285bd0bd
-
SSDEEP
24576:FBfuZfeq6sdO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFPJtTF+TxMoxc1TU+j+dAzGwlrh
Malware Config
Extracted
stealc
Targets
-
-
Target
79a8a05cc8390c81d05a519f362fda1cbc145907867c85b2a819c8dcb6660aaa
-
Size
1.8MB
-
MD5
1881e115a57a40aa86493f5424972c04
-
SHA1
9ea6315817acb0f6a5e226f7482d1b8735b07133
-
SHA256
79a8a05cc8390c81d05a519f362fda1cbc145907867c85b2a819c8dcb6660aaa
-
SHA512
70e0b4f60514035f003797ff475cfd4693367bef4d3326dfc402da564b8d8317db816c81dd24679a302cf484718e705943907fff2a20930f419c2631285bd0bd
-
SSDEEP
24576:FBfuZfeq6sdO6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFPJtTF+TxMoxc1TU+j+dAzGwlrh
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-