General
Target: 5156ec4c405de9739771945e8cd62dec3df165e4385dc461e4c0cb0608c24583
Size: 2.0MB
Sample: 240524-ws75xsef89
MD5: 5911a3389509555ed3f7e8a1049efbea
SHA1: 42116f6c1fc1de831c7d28d9d4931796f9241d89
SHA256: 5156ec4c405de9739771945e8cd62dec3df165e4385dc461e4c0cb0608c24583
SHA512: 53a87b77f1b5dc15d1c22baa3eac9af256c13cbeb194a01a6b5694f080b4390d31f97d5244d824bc36042bea35b83817225369937cc6f271497f6f5ba4303496
SSDEEP: 49152:s4K3x1vUuJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18utIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 5156ec4c405de9739771945e8cd62dec3df165e4385dc461e4c0cb0608c24583.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
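Added example, not part of the sandbox report: a small Python detection that scans proxy log lines for the two URLs and the user-agent string in the extracted Vidar config above. Vidar is widely documented as using Steam profile and Telegram channel pages as dead-drop resolvers, fetching them to learn the live C2 address, so these URLs are the first outbound request a compromised host makes rather than the final C2. The log format, client IPs and OS inventory are constructed assumptions; only the indicators are taken from the config. The hard-coded macOS Firefox UA is treated as evidence only when the client is inventoried as Windows, because on a real Mac it is an ordinary browser. (The string also pins Firefox 128, which had not shipped if the sample ID's 240524 prefix and the win10v2004-20240508 image are read as May 2024; a version string that runs ahead of the fleet is a second tell worth a rule of its own.)

```python
"""Flag proxy log lines that match the network indicators from this report.

Added example; the log layout, client IPs and host inventory are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Indicators copied from the extracted Vidar config on this page.
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
}
VIDAR_USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
    "Gecko/20100101 Firefox/128.0"
)

# Constructed asset inventory (assumption: you know each client's OS).
HOST_OS: Dict[str, str] = {
    "10.0.0.15": "windows",
    "10.0.0.22": "windows",
    "10.0.0.31": "macos",
}

# Constructed log lines: <timestamp> <client> <method> <url> "<user-agent>".
SAMPLE_LOG = """\
2024-05-24T10:01:02Z 10.0.0.15 GET https://steamcommunity.com/profiles/76561199689717899 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-05-24T10:01:03Z 10.0.0.15 GET https://t.me/copterwin/ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-05-24T10:02:00Z 10.0.0.22 GET https://example.net/update "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-05-24T10:02:30Z 10.0.0.22 GET https://steamcommunity.com/app/730 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0"
2024-05-24T10:03:00Z 10.0.0.31 GET https://example.org/ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)


@dataclass
class Alert:
    client: str
    url: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def normalize_url(url: str) -> str:
    """Lower-case scheme and host, drop a trailing slash, so IOC matching is exact."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path.rstrip('/')}"


NORMALIZED_IOCS = {normalize_url(u) for u in DEAD_DROP_URLS}


def classify(client: str, url: str, ua: str) -> Optional[Alert]:
    """Return an Alert for one request, or None if nothing in it is suspicious."""
    reasons: List[str] = []
    if normalize_url(url) in NORMALIZED_IOCS:
        reasons.append("dead_drop_url")
    # The pinned UA claims macOS Firefox. Coming from a host inventoried as
    # Windows it fingerprints the stealer's hard-coded string; from a real Mac
    # it is just a Firefox user, so it is not flagged on its own there.
    if ua == VIDAR_USER_AGENT and HOST_OS.get(client) == "windows":
        reasons.append("ua_os_mismatch")
    if not reasons:
        return None
    severity = "high" if "dead_drop_url" in reasons else "medium"
    return Alert(client, url, severity, reasons)


def scan_log(text: str) -> List[Alert]:
    """Parse every line, skipping malformed ones, and collect the alerts."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        alert = classify(m["client"], m["url"], m["ua"])
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a.severity.upper(), a.client, a.url, ",".join(a.reasons))
```

Run against the sample, the two dead-drop fetches from 10.0.0.15 come out as high (URL match plus UA mismatch), the Windows host talking to a benign site with the pinned UA comes out as medium, and the Mac host and the ordinary Steam page visit produce nothing. The trailing slash on the t.me line is deliberate: without normalization a plain string compare would miss it.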
Targets
Target: 5156ec4c405de9739771945e8cd62dec3df165e4385dc461e4c0cb0608c24583
Size: 2.0MB
MD5: 5911a3389509555ed3f7e8a1049efbea
SHA1: 42116f6c1fc1de831c7d28d9d4931796f9241d89
SHA256: 5156ec4c405de9739771945e8cd62dec3df165e4385dc461e4c0cb0608c24583
SHA512: 53a87b77f1b5dc15d1c22baa3eac9af256c13cbeb194a01a6b5694f080b4390d31f97d5244d824bc36042bea35b83817225369937cc6f271497f6f5ba4303496
SSDEEP: 49152:s4K3x1vUuJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18utIuoITsdZ
Signatures
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext