General
Target: c05e565b6b4d97c18ad9c51999e52febb56648768d0a409a9f914d6eb3d2b96c
Size: 2.0MB
Sample: 240525-r7p6fagc4z
MD5: 9c487e4e13e6a8c9d0171a5970af71e2
SHA1: 12871ad5a4723b545c8e4f37f7e75d3dcfdd910d
SHA256: c05e565b6b4d97c18ad9c51999e52febb56648768d0a409a9f914d6eb3d2b96c
SHA512: b01cef58744ae98582a85d8c0e2e35f7fa886aa05af3e9bfe6e62c868cd95f6196df5991f7dfba9f935bff72f13f1ee8c6deb4627e67956ddae210cfa3caae3d
SSDEEP: 49152:s4K3x1vUeJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18etIuoITsdZ

Static task: static1
Behavioral task: behavioral1
Sample: c05e565b6b4d97c18ad9c51999e52febb56648768d0a409a9f914d6eb3d2b96c.exe
Resource: win10v2004-20240426-en

Malware Config
Extracted: stealc
Extracted: vidar
    https://steamcommunity.com/profiles/76561199689717899
    https://t.me/copterwin
    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: c05e565b6b4d97c18ad9c51999e52febb56648768d0a409a9f914d6eb3d2b96c
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext