General
-
Target
fc17f100ef27bc519c0b7f4db558709f7d558723c1a67c7a6cfab7217ef39577
-
Size
2.0MB
-
Sample
240525-z8rdwsbd44
-
MD5
8adfeaf08bf097503169c6062a0d7607
-
SHA1
07a4644db9a01a5aab486ad4677cef70d0d86baa
-
SHA256
fc17f100ef27bc519c0b7f4db558709f7d558723c1a67c7a6cfab7217ef39577
-
SHA512
23d27e5c989d3d4083ad2bb5391562219374bcc7a818b746cff2b8905026b8b92637700196390c51426eb140c89c2fb72989237179dc79da4ae399c90c0b8c3e
-
SSDEEP
49152:s4K3x1vUCJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18CtIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
fc17f100ef27bc519c0b7f4db558709f7d558723c1a67c7a6cfab7217ef39577.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
fc17f100ef27bc519c0b7f4db558709f7d558723c1a67c7a6cfab7217ef39577
-
Size
2.0MB
-
MD5
8adfeaf08bf097503169c6062a0d7607
-
SHA1
07a4644db9a01a5aab486ad4677cef70d0d86baa
-
SHA256
fc17f100ef27bc519c0b7f4db558709f7d558723c1a67c7a6cfab7217ef39577
-
SHA512
23d27e5c989d3d4083ad2bb5391562219374bcc7a818b746cff2b8905026b8b92637700196390c51426eb140c89c2fb72989237179dc79da4ae399c90c0b8c3e
-
SSDEEP
49152:s4K3x1vUCJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18CtIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-