General
Target: fc6f196562ee8fab708c942033dd8b29ca07136e114201c9945f42170a703ec6
Size: 2.0MB
Sample: 240525-svrdeahd95
MD5: ae4fa8e0a9ffc588c39ccd06b44e394f
SHA1: c6ddb615d962cfc7dfd4a2e1429b821888091c3b
SHA256: fc6f196562ee8fab708c942033dd8b29ca07136e114201c9945f42170a703ec6
SHA512: 9409251967064ba368471af85f8aa48322359650e3b2f42260d44043480de7fe310695ed718e853fdeb5c46a95fbb92490e333a739f86769933877d46b2a7797
SSDEEP: 49152:s4K3x1vUeJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18etIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: fc6f196562ee8fab708c942033dd8b29ca07136e114201c9945f42170a703ec6.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: fc6f196562ee8fab708c942033dd8b29ca07136e114201c9945f42170a703ec6
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext