General

  • Target

    ee59d4ade657ea0a177ce2f35dd990d56933b1e5ed5765c2ef446bf309e5b42e

  • Size

    2.0MB

  • Sample

    240526-ctafhacb49

  • MD5

    da5fb75ea2827f983f83bcea2f2abc8e

  • SHA1

    01699597b417905393537bbf5c8513fca2b324b6

  • SHA256

    ee59d4ade657ea0a177ce2f35dd990d56933b1e5ed5765c2ef446bf309e5b42e

  • SHA512

    cc29db80747443a3e28e8607f4fa889f0b4a3d60248d4a52baeb758c3690da1a304be35bef53d17a391b00ea7810bc3326e67baf4dfe04511caea17533c30f8b

  • SSDEEP

    49152:s4K3x1vU6JtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex186tIuoITsdZ

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      ee59d4ade657ea0a177ce2f35dd990d56933b1e5ed5765c2ef446bf309e5b42e

    • Size

      2.0MB

    • MD5

      da5fb75ea2827f983f83bcea2f2abc8e

    • SHA1

      01699597b417905393537bbf5c8513fca2b324b6

    • SHA256

      ee59d4ade657ea0a177ce2f35dd990d56933b1e5ed5765c2ef446bf309e5b42e

    • SHA512

      cc29db80747443a3e28e8607f4fa889f0b4a3d60248d4a52baeb758c3690da1a304be35bef53d17a391b00ea7810bc3326e67baf4dfe04511caea17533c30f8b

    • SSDEEP

      49152:s4K3x1vU6JtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex186tIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks