General
Target: cf620844a1ec7cb1fa865bf143b3e22fb574a775c40b9f9f142be47c1b7e1290
Size: 2.0MB
Sample: 240526-myewwsgd96
MD5: 8acd25bdc4c8c0fb060703e1d4dc5d47
SHA1: 29da702afb52fe9b93ed5c9e70a8d812c9f507c0
SHA256: cf620844a1ec7cb1fa865bf143b3e22fb574a775c40b9f9f142be47c1b7e1290
SHA512: b88541ad2c74b682825875a37d04eb031a231109e7d161942544b4690800474ebe656efe6e1118569048365a019988cf5ee8cac6d0533e2ba164777d78a3eb18
SSDEEP: 49152:OePpQEtJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEttIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: cf620844a1ec7cb1fa865bf143b3e22fb574a775c40b9f9f142be47c1b7e1290.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
- Target: cf620844a1ec7cb1fa865bf143b3e22fb574a775c40b9f9f142be47c1b7e1290 (2.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext