General
-
Target
5229bb2c720b5044459cdafa2eadcf140054609488df98c4eb7c5b628a798a37
-
Size
2.0MB
-
Sample
240524-vj9fyscg2y
-
MD5
75165714fba3c7d7a36c9418c94c90ba
-
SHA1
ac01c280c585c6a92ebf272fa183a6a137e778f3
-
SHA256
5229bb2c720b5044459cdafa2eadcf140054609488df98c4eb7c5b628a798a37
-
SHA512
7fcaee9bce66bbc5874605f2b981adef95ccc5d041b2bf7fb9d049aad76810e01ce1468bd0ee8159ebe763363a05a5dbc66fd5462ccada8abb516bd6517dbd6a
-
SSDEEP
49152:s4K3x1vUOJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18OtIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
5229bb2c720b5044459cdafa2eadcf140054609488df98c4eb7c5b628a798a37
-
Size
2.0MB
-
MD5
75165714fba3c7d7a36c9418c94c90ba
-
SHA1
ac01c280c585c6a92ebf272fa183a6a137e778f3
-
SHA256
5229bb2c720b5044459cdafa2eadcf140054609488df98c4eb7c5b628a798a37
-
SHA512
7fcaee9bce66bbc5874605f2b981adef95ccc5d041b2bf7fb9d049aad76810e01ce1468bd0ee8159ebe763363a05a5dbc66fd5462ccada8abb516bd6517dbd6a
-
SSDEEP
49152:s4K3x1vUOJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18OtIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-