General
Target: 8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd
Size: 2.0MB
Sample: 240526-leqcvaed23
MD5: 4c050161ae0f07b7cd127fb97b18856d
SHA1: a756a6091283962c9a64070c6049004e572ae1e3
SHA256: 8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd
SHA512: 5516a08a65d9c34fec140e0431064f0bf4e8a5d3a8e1f51f4a392d12e4c2ce43a287ed1387849cc12366e1bf3ce5a1d903b684dd0813d677f9dd31d1b7dad97b
SSDEEP: 49152:s4K3x1vU6JtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex186tIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd.exe
Resource: win7-20240419-en
Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
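Vidar is publicly documented as using Steam Community profile pages and Telegram channel links like the two extracted above as dead-drop resolvers: the operator edits the profile name or channel description to carry the real C2 address, and the stealer fetches the public page with its configured User-Agent and parses the address out. The following is an added example, not code from the report or from the malware, showing how an analyst can resolve such dead drops into blockable indicators. The two URLs and the User-Agent are the report's extracted values; the HTML markup of the pages (the `actual_persona_name` span, the `tgme_page_description` div), the field delimiters and the embedded addresses are constructed assumptions for the example.

```python
import re
from urllib.parse import urlparse
from urllib.request import Request

# The dead-drop URLs and the User-Agent the report extracted from the sample, as-is.
DEAD_DROPS = [
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
]
USER_AGENT = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
              "Gecko/20100101 Firefox/128.0")

# Constructed stand-ins for what those public pages might serve. The markup and the
# embedded addresses are assumptions for this example, not captured content.
STEAM_PROFILE_HTML = """<html><body>
<div class="profile_header_centered_persona">
  <span class="actual_persona_name">copter|https://203.0.113.45:443|</span>
</div>
</body></html>"""

TELEGRAM_PREVIEW_HTML = """<html><body>
<div class="tgme_page_description">copterwin https://198.51.100.7/</div>
</body></html>"""

# Which element carries the operator-editable text on each dead-drop service (assumed).
FIELD_PATTERNS = {
    "steamcommunity.com": re.compile(r'class="actual_persona_name">(.*?)</span>', re.S),
    "t.me": re.compile(r'class="tgme_page_description">(.*?)</div>', re.S),
}
# URL-shaped tokens; '|' is excluded because the constructed profile name uses it as a delimiter.
URL_RE = re.compile(r"https?://[^\s\"'<>|]+")


def build_request(url: str) -> Request:
    """The fetch the stealer would make: a plain GET carrying the configured User-Agent."""
    return Request(url, headers={"User-Agent": USER_AGENT})


def resolve_dead_drop(url: str, html: str) -> list[str]:
    """Extract candidate C2 URLs from the operator-editable field of one dead-drop page."""
    host = urlparse(url).hostname or ""
    pattern = FIELD_PATTERNS.get(host)
    if pattern is None:
        raise ValueError(f"no parser for dead-drop host {host!r}")
    found = []
    for field in pattern.findall(html):
        for candidate in URL_RE.findall(field):
            # Ignore links that point back at the dead-drop services themselves.
            if urlparse(candidate).hostname not in FIELD_PATTERNS:
                found.append(candidate.rstrip("/"))
    return found


def c2_candidates(pages: dict[str, str]) -> set[str]:
    """Union of candidates across all dead drops: the indicators to block or hunt for."""
    out: set[str] = set()
    for url, html in pages.items():
        out.update(resolve_dead_drop(url, html))
    return out


if __name__ == "__main__":
    pages = {DEAD_DROPS[0]: STEAM_PROFILE_HTML, DEAD_DROPS[1]: TELEGRAM_PREVIEW_HTML}
    for url in pages:
        print("GET", url, "UA:", build_request(url).get_header("User-agent"))
    print("C2 candidates:", sorted(c2_candidates(pages)))
```

Because the real C2 lives in an editable field on a legitimate site, blocking the dead-drop URLs alone is not enough; the resolved addresses change whenever the operator edits the profile, so the resolver is worth re-running against fresh copies of the pages.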
Targets
Target: 8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd
Size: 2.0MB
MD5: 4c050161ae0f07b7cd127fb97b18856d
SHA1: a756a6091283962c9a64070c6049004e572ae1e3
SHA256: 8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd
SHA512: 5516a08a65d9c34fec140e0431064f0bf4e8a5d3a8e1f51f4a392d12e4c2ce43a287ed1387849cc12366e1bf3ce5a1d903b684dd0813d677f9dd31d1b7dad97b
SSDEEP: 49152:s4K3x1vU6JtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex186tIuoITsdZ
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
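The "Checks installed software on the system" signature above describes a behaviour that leaves registry telemetry on the host: a process walks the subkeys under `...\CurrentVersion\Uninstall` and reads each entry's values. As an added example, not part of the report or of the sandbox's own rule, the Python below runs that check over a constructed Procmon-style CSV export: it groups the Uninstall entries each process touched and flags processes that read many of them without being a known software enumerator. The process name is the sample file name from the report; the PIDs, timestamps, installed programs, allowlist and threshold are constructed assumptions to tune for a real estate.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style CSV export (not telemetry taken from the report above).
SAMPLE_EXE = "8dc80a71783ce7e542c002d47d895780f709f7f3cc5023e61a64c1c32854b8bd.exe"
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"'


def _row(t, proc, pid, op, path, detail=""):
    return f'"{t}","{proc}","{pid}","{op}","{path}","SUCCESS","{detail}"'


def constructed_log() -> str:
    """Build the example log: the sample enumerating every Uninstall entry, plus benign noise."""
    lines = [HEADER]
    lines.append(_row("12:00:01.001", SAMPLE_EXE, 2212, "RegOpenKey", UNINSTALL, "Desired Access: Read"))
    programs = ["7-Zip", "Google Chrome", "Mozilla Firefox 128.0 (x64 en-US)",
                "KeePass Password Safe 2", "Notepad++", "VLC media player"]  # invented
    for i, name in enumerate(programs):
        lines.append(_row(f"12:00:01.{10 + i:03d}", SAMPLE_EXE, 2212, "RegEnumKey",
                          UNINSTALL, f"Index: {i}, Name: {name}"))
        lines.append(_row(f"12:00:01.{20 + i:03d}", SAMPLE_EXE, 2212, "RegQueryValue",
                          f"{UNINSTALL}\\{name}\\DisplayName", "Type: REG_SZ"))
    # Benign noise: Explorer reads a single entry while rendering a shortcut icon.
    lines.append(_row("12:00:02.500", "explorer.exe", 1380, "RegQueryValue",
                      f"{UNINSTALL}\\7-Zip\\DisplayIcon", "Type: REG_SZ"))
    return "\n".join(lines) + "\n"


# Any path naming one Uninstall entry (HKLM or HKCU, 32- or 64-bit view); captures the entry name.
UNINSTALL_ENTRY_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Processes expected to enumerate installed software; an assumption to tune per environment.
EXPECTED_ENUMERATORS = {"explorer.exe", "msiexec.exe", "systemsettings.exe", "wmiprvse.exe"}


def parse_procmon_csv(text: str) -> list[dict]:
    """Parse a Procmon CSV export into one dict per event, keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def find_software_enumerators(rows, min_entries: int = 5) -> dict:
    """Return {(process, pid): [entry names]} for processes that touched at least
    min_entries distinct Uninstall entries and are not expected enumerators."""
    touched = defaultdict(set)
    for r in rows:
        m = UNINSTALL_ENTRY_RE.match(r["Path"])
        if m:
            touched[(r["Process Name"], r["PID"])].add(m.group(1).lower())
    return {
        proc: sorted(entries)
        for proc, entries in touched.items()
        if len(entries) >= min_entries and proc[0].lower() not in EXPECTED_ENUMERATORS
    }


if __name__ == "__main__":
    hits = find_software_enumerators(parse_procmon_csv(constructed_log()))
    for (proc, pid), entries in hits.items():
        print(f"{proc} (PID {pid}) enumerated {len(entries)} installed programs: {entries}")
```

Counting distinct entries per process rather than raw registry operations keeps a single `DisplayIcon` read by Explorer below the threshold while a full walk of the key stands out; in production the same grouping applies to EDR registry-read events where they are available.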