General
-
Target
b220a5caff6ad715ccde5c007671acc4e299b5d46ade58e673305e7aae9d52e6
-
Size
2.0MB
-
Sample
240525-pmp9laah7w
-
MD5
03859dc82d9a9cbf50c5a521ba30b5b3
-
SHA1
8f651d5ac8d13a564e93c747d4c10494b271c8ec
-
SHA256
b220a5caff6ad715ccde5c007671acc4e299b5d46ade58e673305e7aae9d52e6
-
SHA512
cb08b4b3ff47bf7555ffd279908ed4055d30ae0a72a104c91c376d038a74746dd9565ddd91cdf131d1d41dd82ba175b26af6dd426181559b6be5925ced94e4eb
-
SSDEEP
49152:s4K3x1vUqJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18qtIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
b220a5caff6ad715ccde5c007671acc4e299b5d46ade58e673305e7aae9d52e6.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
b220a5caff6ad715ccde5c007671acc4e299b5d46ade58e673305e7aae9d52e6
-
Size
2.0MB
-
MD5
03859dc82d9a9cbf50c5a521ba30b5b3
-
SHA1
8f651d5ac8d13a564e93c747d4c10494b271c8ec
-
SHA256
b220a5caff6ad715ccde5c007671acc4e299b5d46ade58e673305e7aae9d52e6
-
SHA512
cb08b4b3ff47bf7555ffd279908ed4055d30ae0a72a104c91c376d038a74746dd9565ddd91cdf131d1d41dd82ba175b26af6dd426181559b6be5925ced94e4eb
-
SSDEEP
49152:s4K3x1vUqJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18qtIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-