General
-
Target
cb2911ac6c8d023c719709787a3c4fbb44d3f2b5a07a7dd8c4727cff44ce106c
-
Size
2.0MB
-
Sample
240524-1pfzgsce73
-
MD5
5f0a33f1d64e3bce395a5307d821d2c7
-
SHA1
74b9b6f266d3a24d10e64d2973068b26a155bd76
-
SHA256
cb2911ac6c8d023c719709787a3c4fbb44d3f2b5a07a7dd8c4727cff44ce106c
-
SHA512
c6453d1c34ccb33e41e0d3454e0582977a80baa85f1f1c20125fc7ad04b5dfc32c3d94dad575a87c5ac895adbf493acee7377cd56b04df5a4edb5aa7e75a0695
-
SSDEEP
49152:s4K3x1vUiJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18itIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
cb2911ac6c8d023c719709787a3c4fbb44d3f2b5a07a7dd8c4727cff44ce106c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
cb2911ac6c8d023c719709787a3c4fbb44d3f2b5a07a7dd8c4727cff44ce106c
-
Size
2.0MB
-
MD5
5f0a33f1d64e3bce395a5307d821d2c7
-
SHA1
74b9b6f266d3a24d10e64d2973068b26a155bd76
-
SHA256
cb2911ac6c8d023c719709787a3c4fbb44d3f2b5a07a7dd8c4727cff44ce106c
-
SHA512
c6453d1c34ccb33e41e0d3454e0582977a80baa85f1f1c20125fc7ad04b5dfc32c3d94dad575a87c5ac895adbf493acee7377cd56b04df5a4edb5aa7e75a0695
-
SSDEEP
49152:s4K3x1vUiJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18itIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-