General
-
Target
ab8a1c4cd0900427759f61233d6a79abe403a85d6467e2f8f596c1b950b74acd
-
Size
2.0MB
-
Sample
240524-11xflsda77
-
MD5
5eb63bfedf53c81afce2b09946ec4494
-
SHA1
e0391d72664acaa955cc9b1471f05e7b4c26e47d
-
SHA256
ab8a1c4cd0900427759f61233d6a79abe403a85d6467e2f8f596c1b950b74acd
-
SHA512
8ff69748f80f110028be5945fc6ec787ea3669f2cf50276d2a76e2cbcb84d481e3aa0e0a1b0f8d98fac9fd5d8899d8608184defe985084cae32407c285e58350
-
SSDEEP
49152:s4K3x1vUWJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18WtIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
ab8a1c4cd0900427759f61233d6a79abe403a85d6467e2f8f596c1b950b74acd.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
ab8a1c4cd0900427759f61233d6a79abe403a85d6467e2f8f596c1b950b74acd
-
Size
2.0MB
-
MD5
5eb63bfedf53c81afce2b09946ec4494
-
SHA1
e0391d72664acaa955cc9b1471f05e7b4c26e47d
-
SHA256
ab8a1c4cd0900427759f61233d6a79abe403a85d6467e2f8f596c1b950b74acd
-
SHA512
8ff69748f80f110028be5945fc6ec787ea3669f2cf50276d2a76e2cbcb84d481e3aa0e0a1b0f8d98fac9fd5d8899d8608184defe985084cae32407c285e58350
-
SSDEEP
49152:s4K3x1vUWJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18WtIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-