General
- Target: Setup.exe.vir
- Size: 10.1MB
- Sample: 240525-smrdfagf9t
- MD5: 1c57a22d32a4e973c63c90f84946149e
- SHA1: 98954b5054e5c4bb6e509bb34bf60b282f6efeea
- SHA256: a651607b9bba24d9c35bde35df0c398a0c916fae71b9b4c37ed13b444a4ec629
- SHA512: 670216e4f8ef062e45dd9a7df0ce604b839f7e1e6eb51aeff6d95a96b12d882c1e50a0dc8e13df89e62cd3ea82031b385d254c5c0c807702b2d6e27e99617e6d
- SSDEEP: 196608:6cSu3XxiLS7jUJjRas3w+8wB6+d02F185c12dtkUoQ2kFl2ZnG46zsI7f1wGoO:/SuHxqS7Sdas3wHz+uM18i12dtkUTRl5
Static task
- static1

Behavioral task
- behavioral1
- Sample: Setup.exe
- Resource: win7-20240221-en

Malware Config
- Extracted: stealc
Targets
- Target: Setup.exe.vir
- Size: 10.1MB
- MD5: 1c57a22d32a4e973c63c90f84946149e
- SHA1: 98954b5054e5c4bb6e509bb34bf60b282f6efeea
- SHA256: a651607b9bba24d9c35bde35df0c398a0c916fae71b9b4c37ed13b444a4ec629
- SHA512: 670216e4f8ef062e45dd9a7df0ce604b839f7e1e6eb51aeff6d95a96b12d882c1e50a0dc8e13df89e62cd3ea82031b385d254c5c0c807702b2d6e27e99617e6d
- SSDEEP: 196608:6cSu3XxiLS7jUJjRas3w+8wB6+d02F185c12dtkUoQ2kFl2ZnG46zsI7f1wGoO:/SuHxqS7Sdas3wHz+uM18i12dtkUTRl5

Signatures
- Detect Vidar Stealer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext