General
Target: 643d8c70aea278c47925c3844d4b60c30ee8130585fde51094f25d8c8b8855bc
Size: 2.0MB
Sample: 240526-1k53tada51
MD5: 41daf25752c8ec3026bd17225c33a81c
SHA1: 04529c570314886b42eeb2260339e515a5ed75b3
SHA256: 643d8c70aea278c47925c3844d4b60c30ee8130585fde51094f25d8c8b8855bc
SHA512: 50d4a8733b5a8327b7c15c3358a818b39ab878d962e7f2c92de72b16a550d64f5e3808299e92003471606b94cae14365cce11890db10008f5595b842944b3c36
SSDEEP: 49152:OePpQEBJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEBtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 643d8c70aea278c47925c3844d4b60c30ee8130585fde51094f25d8c8b8855bc.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 643d8c70aea278c47925c3844d4b60c30ee8130585fde51094f25d8c8b8855bc
Size: 2.0MB
MD5: 41daf25752c8ec3026bd17225c33a81c
SHA1: 04529c570314886b42eeb2260339e515a5ed75b3
SHA256: 643d8c70aea278c47925c3844d4b60c30ee8130585fde51094f25d8c8b8855bc
SHA512: 50d4a8733b5a8327b7c15c3358a818b39ab878d962e7f2c92de72b16a550d64f5e3808299e92003471606b94cae14365cce11890db10008f5595b842944b3c36
SSDEEP: 49152:OePpQEBJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEBtIuoITsdZ
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext