General
-
Target
2754fc321433381d7f1b85193a0624191f560f3b4890bb68bccc7e285aa3a26f
-
Size
2.4MB
-
Sample
240524-dp3rxsbb57
-
MD5
7167fa2cb81b782e182f066af70b0e0c
-
SHA1
c4b975d85ceaf023cee1864599b97d3ae9260ece
-
SHA256
2754fc321433381d7f1b85193a0624191f560f3b4890bb68bccc7e285aa3a26f
-
SHA512
9cf654ca3fd03f6d389289019ab6c1e09307ece98f443f7f13e3e26e1d4a3c3c05f42ba522e38e399cc340d1adc6bc84c11d10779c9b0b48b972cac4b64c763c
-
SSDEEP
49152:jxIRJF1HL+VdX68kU6JtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68d6tIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
2754fc321433381d7f1b85193a0624191f560f3b4890bb68bccc7e285aa3a26f
-
Size
2.4MB
-
MD5
7167fa2cb81b782e182f066af70b0e0c
-
SHA1
c4b975d85ceaf023cee1864599b97d3ae9260ece
-
SHA256
2754fc321433381d7f1b85193a0624191f560f3b4890bb68bccc7e285aa3a26f
-
SHA512
9cf654ca3fd03f6d389289019ab6c1e09307ece98f443f7f13e3e26e1d4a3c3c05f42ba522e38e399cc340d1adc6bc84c11d10779c9b0b48b972cac4b64c763c
-
SSDEEP
49152:jxIRJF1HL+VdX68kU6JtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68d6tIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-