General
Target: 0b28575bc27a80730724775c48f7a32bb95851c5f44960d87fa8848ea1e20d5b
Size: 2.0MB
Sample: 240525-lnbk2sdc42
MD5: b1efe73af7d3b37fdd6c2e902e4b9312
SHA1: 34d5a6d1fb2ec54c9d371e2fc0072b6bdd0ae404
SHA256: 0b28575bc27a80730724775c48f7a32bb95851c5f44960d87fa8848ea1e20d5b
SHA512: 3ff1fbfe390f15d743f4981a923dde32f8a1b85f2956e08bd959943bf995fc37116c6b6b44a32567bd4d505a1f92f67563b0db03abf2067ccdc9dab7a98b485d
SSDEEP: 49152:s4K3x1vUSJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18StIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 0b28575bc27a80730724775c48f7a32bb95851c5f44960d87fa8848ea1e20d5b.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: stealc
Extracted: vidar
C2 resolver URLs:
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

The Steam profile and Telegram channel are dead-drop resolvers rather than the C2 itself: the stealer fetches these public pages to read the current C2 address, so the operator can rotate infrastructure without rebuilding the sample. The profile URLs are therefore the durable network indicator. Note also that the hardcoded user agent claims Firefox on macOS while the sample runs on Windows (the analysis resource is Windows 10); a Windows host presenting this string to steamcommunity.com or t.me is a cheap hunting signal in proxy logs.
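The following is an added example, not part of the sandbox report, showing how the extracted indicators above can be turned into a proxy-log hunt: it flags requests to the two resolver URLs, requests carrying the exact extracted user agent, and the stronger mismatch signal where the user agent claims an OS different from the requesting host's. The log format (pipe-separated timestamp, host name, host OS, URL, user agent), the host names and the sample lines are all constructed for this illustration.

```python
"""Hunt web-proxy log lines for the Vidar/Stealc resolver URLs and user agent
extracted from this sample. Added example; the log format, host names and
log lines below are constructed, not taken from the report."""
from urllib.parse import urlparse

# Indicators copied from the extracted config on this page.
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
}
CONFIG_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
             "Gecko/20100101 Firefox/128.0")

# Constructed sample log (assumed format: ts|src_host|src_os|url|user_agent).
SAMPLE_LOG = """\
2024-05-25T10:01:02Z|WS-0412|Windows 10|https://www.microsoft.com/|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36
2024-05-25T10:01:09Z|WS-0412|Windows 10|https://steamcommunity.com/profiles/76561199689717899|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
2024-05-25T10:01:10Z|WS-0412|Windows 10|https://t.me/copterwin|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
2024-05-25T10:02:30Z|MBP-17|macOS 14|https://steamcommunity.com/profiles/76561199689717899|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
2024-05-25T10:03:00Z|WS-0412|Windows 10|https://store.steampowered.com/app/730|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36
"""


def normalise_url(url):
    """Lower-case scheme and host, drop query/fragment and a trailing slash,
    so that trivial variations of a resolver URL still match."""
    p = urlparse(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"


NORMALISED_DEAD_DROPS = {normalise_url(u) for u in DEAD_DROP_URLS}


def ua_os_family(user_agent):
    """Coarse OS family a browser user agent claims to run on."""
    if "Windows NT" in user_agent:
        return "Windows"
    if "Macintosh" in user_agent or "Mac OS X" in user_agent:
        return "macOS"
    if "Android" in user_agent or "Linux" in user_agent:
        return "Linux"
    return "unknown"


def host_os_family(src_os):
    """OS family of the requesting host as recorded by the proxy/EDR."""
    for prefix, family in (("Windows", "Windows"), ("macOS", "macOS"), ("Linux", "Linux")):
        if src_os.startswith(prefix):
            return family
    return "unknown"


def parse_line(line):
    ts, src_host, src_os, url, user_agent = line.split("|", 4)
    return {"ts": ts, "src_host": src_host, "src_os": src_os,
            "url": url, "user_agent": user_agent}


def hunt(log_text):
    """Return one finding per suspicious line, each with the reasons it fired."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = []
        if normalise_url(rec["url"]) in NORMALISED_DEAD_DROPS:
            reasons.append("request to resolver URL from extracted config")
        if rec["user_agent"] == CONFIG_UA:
            reasons.append("user agent matches extracted config")
        ua_os, host_os = ua_os_family(rec["user_agent"]), host_os_family(rec["src_os"])
        if "unknown" not in (ua_os, host_os) and ua_os != host_os:
            reasons.append(f"user agent claims {ua_os} but host runs {host_os}")
        if reasons:
            findings.append({**rec, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f["ts"], f["src_host"], f["url"], "->", "; ".join(f["reasons"]))
```

The exact user-agent match is the weakest of the three signals, since Firefox 128 on macOS is a legitimate browser string; the resolver URL and the OS mismatch are what should drive triage, which is why the macOS host in the sample log fires with fewer reasons than the Windows host.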
Targets

Target: 0b28575bc27a80730724775c48f7a32bb95851c5f44960d87fa8848ea1e20d5b
Size: 2.0MB
MD5: b1efe73af7d3b37fdd6c2e902e4b9312
SHA1: 34d5a6d1fb2ec54c9d371e2fc0072b6bdd0ae404
SHA256: 0b28575bc27a80730724775c48f7a32bb95851c5f44960d87fa8848ea1e20d5b
SHA512: 3ff1fbfe390f15d743f4981a923dde32f8a1b85f2956e08bd959943bf995fc37116c6b6b44a32567bd4d505a1f92f67563b0db03abf2067ccdc9dab7a98b485d
SSDEEP: 49152:s4K3x1vUSJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18StIuoITsdZ
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system. A single lookup is normal; a burst of key enumerations from a freshly dropped executable is what makes it worth flagging.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step that redirects execution in process hollowing and thread hijacking. Outside debuggers, legitimate software rarely calls it, so the call is most meaningful when it follows a process created suspended and a WriteProcessMemory into that process.
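As an added example that is not part of the sandbox output, the two behavioural signatures above can be expressed as detection logic over an API-call trace: a per-process threshold on registry calls touching the Uninstall key, and an ordered chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread) tracked per target process. The trace format (pid|api|key=value;...), the process IDs and the host image name are constructed for this illustration; the CREATE_SUSPENDED flag value is the documented Win32 constant.

```python
"""Detection logic for the Uninstall-key enumeration and SetThreadContext
signatures, run over a constructed API-call trace. Added example; the
trace format and every line in SAMPLE_TRACE are constructed for
illustration, not taken from the sandbox."""
import re
from collections import defaultdict

# Matches both the native and the WOW6432Node Uninstall keys.
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                              re.IGNORECASE)
UNINSTALL_THRESHOLD = 10   # registry calls per process before we flag (tunable)
CREATE_SUSPENDED = 0x4     # dwCreationFlags bit from the Win32 CreateProcess API
REG_APIS = {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"}

# Constructed trace: pid 4100 enumerates installed software, then hollows a
# suspended child (4212); pid 9001 is benign noise (one lookup, debugger-style
# SetThreadContext with no prior suspended create or memory write).
_BURST = "\n".join(
    f"4100|RegEnumKeyExW|key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall;index={i}"
    for i in range(12)
)
SAMPLE_TRACE = r"""
4100|RegOpenKeyExW|key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
""" + _BURST + r"""
4100|RegOpenKeyExW|key=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
4100|CreateProcessW|image=C:\Windows\System32\notepad.exe;flags=0x4;target=4212
4100|WriteProcessMemory|target=4212;addr=0x400000;size=0x20000
4100|SetThreadContext|target=4212;tid=4216
4100|ResumeThread|target=4212;tid=4216
9001|SetThreadContext|target=9002;tid=9003
9001|RegOpenKeyExW|key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
"""


def parse_trace(text):
    """Parse 'pid|api|k=v;k=v' lines into records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, rest = line.split("|", 2)
        args = dict(kv.split("=", 1) for kv in rest.split(";") if kv)
        records.append({"pid": int(pid), "api": api, "args": args})
    return records


def detect_uninstall_enumeration(records):
    """Processes whose registry calls against the Uninstall key reach the threshold."""
    counts = defaultdict(int)
    for r in records:
        if r["api"] in REG_APIS and UNINSTALL_KEY_RE.search(r["args"].get("key", "")):
            counts[r["pid"]] += 1
    return {pid: n for pid, n in counts.items() if n >= UNINSTALL_THRESHOLD}


def detect_hollowing(records):
    """Flag injector/target pairs where the full ordered chain is observed:
    CreateProcess*(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread.
    A lone SetThreadContext (e.g. a debugger) never reaches the final stage."""
    stage = {}   # target pid -> stages completed so far
    hits = []
    for r in records:
        api, args = r["api"], r["args"]
        if "target" not in args:
            continue
        target = int(args["target"])
        if api.startswith("CreateProcess"):
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stage[target] = 1
            continue
        done = stage.get(target, 0)
        if done == 1 and api == "WriteProcessMemory":
            stage[target] = 2
        elif done == 2 and api == "SetThreadContext":
            stage[target] = 3
        elif done == 3 and api == "ResumeThread":
            hits.append({"injector": r["pid"], "target": target})
            stage[target] = 0
    return hits


def analyse(trace_text):
    records = parse_trace(trace_text)
    return {"uninstall_enumeration": detect_uninstall_enumeration(records),
            "process_hollowing": detect_hollowing(records)}


if __name__ == "__main__":
    print(analyse(SAMPLE_TRACE))
```

Requiring the whole chain, rather than alerting on SetThreadContext alone, is what keeps debuggers and crash handlers out of the results; the trade-off is that a variant that injects via a different write primitive needs its own stage list.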