General
Target: 327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180
Size: 2.0MB
Sample: 240526-pw2zradd9z
MD5: 7ead1ab58d3f895a3dc2788cc7bf0691
SHA1: 4917082e32b9cc8b716cd682518caf422ea1922e
SHA256: 327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180
SHA512: c3e3416f43e3422684e377d06de9597fbe0f6f810c0142bacd583173badd0f53b55d7ca7f0ed2fa1556809eef561966a2c1eaba01aff06ff520cfa5064666dec
SSDEEP: 49152:OePpQEJJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEJtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
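The two URLs in the extracted Vidar config are profile pages on legitimate services that the stealer fetches to read its real C2 address (a dead-drop resolver), so the URLs and the hard-coded user agent are usable network indicators in their own right; the user agent also claims macOS while the sample runs on Windows, which is a mismatch a proxy can spot. The following Python is an added example, not part of the sandbox report: it matches the report's file hashes against file contents and scans proxy log lines for the config's URLs, the exact user agent, and a user-agent platform that disagrees with the host's inventoried OS. The log format (tab-separated timestamp, host, OS, URL, user agent) and the log lines are constructed for illustration.

```python
"""IOC checks for the Vidar/Stealc sample in this report.

Added example, not part of the sandbox report. The hashes, the two
URLs and the user agent are the report's values; the proxy log
format and the log lines below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# File hashes listed in the report.
SAMPLE_HASHES = {
    "md5": "7ead1ab58d3f895a3dc2788cc7bf0691",
    "sha1": "4917082e32b9cc8b716cd682518caf422ea1922e",
    "sha256": "327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180",
    "sha512": "c3e3416f43e3422684e377d06de9597fbe0f6f810c0142bacd583173badd0f53b55d7ca7f0ed2fa1556809eef561966a2c1eaba01aff06ff520cfa5064666dec",
}
# Profile pages from the extracted Vidar config (dead-drop resolver URLs).
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
}
# Hard-coded user agent from the extracted config.
C2_USER_AGENT = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
                 "Gecko/20100101 Firefox/128.0")
# Maps the UA platform token to the OS name used in the (constructed) host inventory column.
PLATFORM_OS = {"Windows": "Windows", "Macintosh": "macOS", "X11": "Linux"}


def hash_bytes(data: bytes) -> dict:
    """Hash file contents with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> List[str]:
    """Names of the report hashes that the given file contents match."""
    digests = hash_bytes(data)
    return [name for name, value in SAMPLE_HASHES.items() if digests[name] == value]


@dataclass
class Alert:
    host: str
    url: str
    reasons: List[str]


def _ua_platform(ua: str) -> Optional[str]:
    """Platform token from the parenthesised part of a browser user agent."""
    match = re.search(r"\((Windows|Macintosh|X11)", ua)
    return match.group(1) if match else None


def check_request(host_os: str, url: str, ua: str) -> List[str]:
    """Reasons (possibly none) to alert on one proxied request."""
    reasons = []
    if url.rstrip("/") in DEAD_DROP_URLS:
        reasons.append("request to a dead-drop resolver URL from the extracted config")
    if ua == C2_USER_AGENT:
        reasons.append("user agent equals the hard-coded C2 user agent")
    claimed_os = PLATFORM_OS.get(_ua_platform(ua))
    if claimed_os and claimed_os != host_os:
        reasons.append(f"user agent claims {claimed_os} but the host runs {host_os}")
    return reasons


def scan_proxy_log(lines: Iterable[str]) -> List[Alert]:
    """Scan tab-separated proxy log lines: timestamp, host, OS, URL, user agent."""
    alerts = []
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t", 4)
        if len(fields) != 5:
            continue  # malformed line; a production scanner would count these
        _ts, host, host_os, url, ua = fields
        reasons = check_request(host_os, url, ua)
        if reasons:
            alerts.append(Alert(host, url, reasons))
    return alerts


# Constructed proxy log: one benign request, two requests matching the config
# from a Windows host, and a macOS user browsing the same Steam profile normally.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("2024-05-26T10:00:01Z", "WKS-17", "Windows", "https://www.example.com/",
     "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"),
    ("2024-05-26T10:00:09Z", "WKS-17", "Windows",
     "https://steamcommunity.com/profiles/76561199689717899", C2_USER_AGENT),
    ("2024-05-26T10:00:10Z", "WKS-17", "Windows", "https://t.me/copterwin", C2_USER_AGENT),
    ("2024-05-26T10:01:30Z", "MAC-03", "macOS",
     "https://steamcommunity.com/profiles/76561199689717899/",
     "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0"),
])

if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(alert.host, alert.url, "; ".join(alert.reasons))
```

The macOS host that visits the Steam profile with a normal browser still produces an alert for the URL alone; treat the URL hit as a lower-confidence signal than the combination of URL, exact user agent and platform mismatch, which only the infected Windows host triggers.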
Targets
Target: 327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180
Size: 2.0MB
MD5: 7ead1ab58d3f895a3dc2788cc7bf0691
SHA1: 4917082e32b9cc8b716cd682518caf422ea1922e
SHA256: 327ff841c9894267f2bdbea84b4d1a3dca7927d2643404ef7ab838735da87180
SHA512: c3e3416f43e3422684e377d06de9597fbe0f6f810c0142bacd583173badd0f53b55d7ca7f0ed2fa1556809eef561966a2c1eaba01aff06ff520cfa5064666dec
SSDEEP: 49152:OePpQEJJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEJtIuoITsdZ
Signatures
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
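Sandboxes flag SetThreadContext because a loader that hollows a freshly created process first rewrites the child's memory and then calls SetThreadContext to point the child's main thread at the injected code before resuming it. Sysmon does not record thread-handle operations, but Event 10 (ProcessAccess) records the process-handle rights the loader needs before it can write: PROCESS_VM_OPERATION (0x8) and PROCESS_VM_WRITE (0x20). The following Python is an added example, not part of the sandbox report, that correlates simplified Event 1 (ProcessCreate) and Event 10 records and flags a process that its own creator opened with those rights. It assumes the parent's handle open appears as an Event 10 record (Sysmon configurations often filter parent-to-child access as noise); the event records, PIDs and image paths are constructed.

```python
"""Heuristic for the "Suspicious use of SetThreadContext" signature.

Added example, not part of the sandbox report. The records below are a
simplified, constructed form of Sysmon Event 1 (ProcessCreate) and
Event 10 (ProcessAccess); PIDs and image paths are illustrative.
"""
from typing import Dict, Iterable, List, Tuple

# Process access rights from winnt.h. WriteProcessMemory needs both, and a
# hollowing loader must write the target's memory before SetThreadContext
# can redirect the main thread into the injected image.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
HOLLOWING_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

Event = Dict[str, object]


def find_hollowing_candidates(events: Iterable[Event]) -> List[Tuple[str, str, int]]:
    """(source image, target image, target pid) for each child process that
    its own creator opened with at least VM_OPERATION|VM_WRITE."""
    events = list(events)
    # Event 1: remember which process created each pid.
    creator = {ev["ProcessId"]: ev["ParentProcessId"]
               for ev in events if ev["EventID"] == 1}
    hits, seen = [], set()
    for ev in events:
        if ev["EventID"] != 10:
            continue
        src, dst = ev["SourceProcessId"], ev["TargetProcessId"]
        if creator.get(dst) != src:
            continue  # opened by something other than the parent (AV scanner, debugger, ...)
        granted = int(ev["GrantedAccess"], 16)
        if (granted & HOLLOWING_RIGHTS) != HOLLOWING_RIGHTS:
            continue  # query-only or read-only handle
        if (src, dst) not in seen:
            seen.add((src, dst))
            hits.append((ev["SourceImage"], ev["TargetImage"], dst))
    return hits


# Constructed image paths for the illustration.
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
HOLLOWED_EXE = r"C:\Windows\SysWOW64\host.exe"

# Constructed event stream: explorer launches the dropped EXE, the dropped EXE
# launches a child and opens it with full access; two benign accesses follow.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "ProcessId": 4120, "ParentProcessId": 2288, "Image": DROPPED_EXE},
    {"EventID": 1, "ProcessId": 5004, "ParentProcessId": 4120, "Image": HOLLOWED_EXE},
    {"EventID": 10, "SourceProcessId": 4120, "TargetProcessId": 5004,
     "SourceImage": DROPPED_EXE, "TargetImage": HOLLOWED_EXE, "GrantedAccess": "0x1FFFFF"},
    # Parent querying its child with PROCESS_QUERY_LIMITED_INFORMATION only.
    {"EventID": 10, "SourceProcessId": 2288, "TargetProcessId": 4120,
     "SourceImage": r"C:\Windows\explorer.exe", "TargetImage": DROPPED_EXE,
     "GrantedAccess": "0x1000"},
    # Write rights, but from a process that did not create the target.
    {"EventID": 10, "SourceProcessId": 900, "TargetProcessId": 5004,
     "SourceImage": r"C:\Program Files\AV\scan.exe", "TargetImage": HOLLOWED_EXE,
     "GrantedAccess": "0x28"},
]

if __name__ == "__main__":
    for src_image, dst_image, dst_pid in find_hollowing_candidates(SAMPLE_EVENTS):
        print(f"hollowing candidate: {src_image} -> {dst_image} (pid {dst_pid})")
```

In production the heuristic needs an allow-list for legitimate parents that write into their children (browsers' sandbox brokers, some installers, debuggers), and it is stronger when joined with the "Executes dropped EXE" signal: a parent image under a user-writable path such as AppData\Local\Temp opening its own child with write rights is rarely benign.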