General
Target: 0531cde6ba89309d775fcde01b8e2ccfef581a55215679f87e900aa1b2cbd8de
Size: 2.0MB
Sample: 240526-jlylpacd97
MD5: 637a555d11f8f962baca74e1f4f7a06f
SHA1: f0888ac8cfce124947628ae48c0e7bcea18d421e
SHA256: 0531cde6ba89309d775fcde01b8e2ccfef581a55215679f87e900aa1b2cbd8de
SHA512: bdb6ad6752ef8cef52c8422d1863189c76906df5a58386799dad08d348006a6fe8119e85c20c4fb5a450283763d7f5e1de85c9de9a5f5b8e80192a4acec22337
SSDEEP: 49152:s4K3x1vUGJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18GtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 0531cde6ba89309d775fcde01b8e2ccfef581a55215679f87e900aa1b2cbd8de.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
Extracted: vidar
URLs:
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
Vidar fetches these public profile pages to read its current C2 address from them, so they are dead-drop resolvers rather than the final C2 endpoint; block and hunt on them, but expect the real C2 to be a separate host.
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 0531cde6ba89309d775fcde01b8e2ccfef581a55215679f87e900aa1b2cbd8de
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
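The four behavioural signatures above (the Vidar family match is a static detection and is not reproduced here) can be re-derived from an API trace. The script below is an added example and is not code from the sandbox that produced this report. It assumes a hypothetical JSON-lines trace format (caller pid, API name, arguments) and a constructed sample trace modelled on the behaviour listed above: a request to the Steam profile URL with the report's user agent, a walk of the Uninstall key, an MZ-headed file write followed by execution of that file with CREATE_SUSPENDED, and SetThreadContext against the suspended child. A SetThreadContext call on the caller's own thread is included to show that only cross-process use is flagged.

```python
import json
from collections import defaultdict

# Registry path walked to inventory installed software (matches the report's signature text).
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess

# Constructed sample trace (hypothetical JSON-lines format, not the output of any real sandbox).
# Raw string so the JSON's "\\" survives to json.loads, which turns it into a single backslash.
SAMPLE_TRACE = r"""
{"pid": 1234, "api": "InternetOpenA", "args": {"agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"}}
{"pid": 1234, "api": "HttpOpenRequestA", "args": {"url": "https://steamcommunity.com/profiles/76561199689717899"}}
{"pid": 1234, "api": "RegOpenKeyExA", "args": {"hkey": "HKEY_LOCAL_MACHINE", "subkey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}}
{"pid": 1234, "api": "RegEnumKeyExA", "args": {"hkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 0}}
{"pid": 1234, "api": "WriteFile", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "data": "4d5a90000300000004000000ffff0000"}}
{"pid": 1234, "api": "CreateProcessA", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "flags": "0x00000004", "pid": 5678}}
{"pid": 1234, "api": "NtUnmapViewOfSection", "args": {"pid": 5678}}
{"pid": 1234, "api": "WriteProcessMemory", "args": {"pid": 5678, "addr": "0x400000"}}
{"pid": 1234, "api": "SetThreadContext", "args": {"pid": 1234, "tid": 1235}}
{"pid": 1234, "api": "SetThreadContext", "args": {"pid": 5678, "tid": 5679}}
{"pid": 1234, "api": "ResumeThread", "args": {"pid": 5678, "tid": 5679}}
"""


def parse_trace(text):
    """Parse JSON-lines trace text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    """Return {signature name: [evidence]} for the behavioural signatures in the report."""
    hits = defaultdict(list)
    saw_network = False
    dropped_pe = set()   # lower-cased paths that received a write starting with 'MZ'
    suspended = {}       # child pid -> image path for children created CREATE_SUSPENDED
    for ev in events:
        api, a, caller = ev["api"], ev.get("args", {}), ev["pid"]
        if api.startswith(("InternetOpen", "HttpOpenRequest", "WinHttpOpen", "URLDownloadToFile")):
            saw_network = True
        elif api.startswith(("RegOpenKeyEx", "RegEnumKeyEx", "RegQueryValueEx")):
            key = (str(a.get("hkey", "")) + "\\" + str(a.get("subkey", ""))).lower()
            if UNINSTALL_KEY in key:
                hits["Checks installed software on the system"].append(f"{api} {key}")
        elif api == "WriteFile":
            path = a.get("path", "").lower()
            if a.get("data", "").lower().startswith("4d5a"):   # 'MZ' header
                dropped_pe.add(path)
                # Heuristic: an MZ write after network activity is treated as a download.
                if saw_network:
                    hits["Downloads MZ/PE file"].append(path)
        elif api.startswith("CreateProcess"):
            path = a.get("path", "").lower()
            if path in dropped_pe:
                hits["Executes dropped EXE"].append(path)
            if int(str(a.get("flags", "0")), 16) & CREATE_SUSPENDED:
                suspended[a.get("pid")] = path
        elif api == "SetThreadContext" and a.get("pid") != caller:
            # Only cross-process use is suspicious; a thread in the caller's own process is not.
            note = f"pid {caller} -> pid {a.get('pid')} tid {a.get('tid')}"
            if a.get("pid") in suspended:
                note += " (target created CREATE_SUSPENDED: process-hollowing pattern)"
            hits["Suspicious use of SetThreadContext"].append(note)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "Downloads MZ/PE file" rule is the loosest of the four: it only correlates an earlier network call with a later MZ-headed write, whereas a sandbox derives the same signature from the HTTP response body itself. The SetThreadContext rule deliberately ignores same-process calls, which debuggers and some runtimes make legitimately, and upgrades the finding when the target was created suspended, since that pairing is the classic process-hollowing sequence.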