stealc | dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114
Size

2.4MB
Sample

240524-qh1p7sfc4z
MD5

024752dbf63f9e5b18076c1ab34618c5
SHA1

774144080d005726766b4cfe612893516fd802f0
SHA256

dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114
SHA512

73cb270e3247c81e8f3400c393762009d9aed606797aa836c74b9d950f7da5a57dc277f827858112654b7b6aaafa91ecddbcedb4189b522572b420a2a821406e
SSDEEP

49152:jxIRJF1HL+VdX68kUiJtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68ditIuoITsdZ

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

- Target
  
  dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114
- Size
  
  2.4MB
- MD5
  
  024752dbf63f9e5b18076c1ab34618c5
- SHA1
  
  774144080d005726766b4cfe612893516fd802f0
- SHA256
  
  dc17e7583b896ace09a956f2c5c0737f0b6b42312ba2db19b94c08c1dc108114
- SHA512
  
  73cb270e3247c81e8f3400c393762009d9aed606797aa836c74b9d950f7da5a57dc277f827858112654b7b6aaafa91ecddbcedb4189b522572b420a2a821406e
- SSDEEP
  
  49152:jxIRJF1HL+VdX68kUiJtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68ditIuoITsdZ
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy