stealc | 4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2
Size

2.0MB
Sample

240526-f4y4dsge4s
MD5

441f2308a3fbf4a10357141a50231cc9
SHA1

0c38c3282a5bfcd9feee7c9a316af42307577515
SHA256

4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2
SHA512

4957ae673cc468d08158cd57f0f7e83770b42cc8837da375fdf65440bcb2b34c9d486777a61f092168738710ba8a77bf0b0b8207e2a6cd6974c9300b08711fd0
SSDEEP

49152:s4K3x1vUCJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18CtIuoITsdZ

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2.exe

Resource

win10v2004-20240426-en

stealc vidar discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2.exe

Resource

win11-20240419-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

- Target
  
  4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2
- Size
  
  2.0MB
- MD5
  
  441f2308a3fbf4a10357141a50231cc9
- SHA1
  
  0c38c3282a5bfcd9feee7c9a316af42307577515
- SHA256
  
  4e57ba211728826bb1ebebb5735cc825b06bbf6689984a13b6a88b5e8e0178e2
- SHA512
  
  4957ae673cc468d08158cd57f0f7e83770b42cc8837da375fdf65440bcb2b34c9d486777a61f092168738710ba8a77bf0b0b8207e2a6cd6974c9300b08711fd0
- SSDEEP
  
  49152:s4K3x1vUCJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18CtIuoITsdZ
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy