General
-
Target
50c3c81674fa541b15289aa58069961a16975e40bb921b4410f3f3d96e6a4fd6
-
Size
2.0MB
-
Sample
240526-qsp2fsgc4v
-
MD5
6a32e7c2f94d1e296a608c292e8463af
-
SHA1
c24de33c8e8e4120425d2b65da0a5fa7cc9a73d3
-
SHA256
50c3c81674fa541b15289aa58069961a16975e40bb921b4410f3f3d96e6a4fd6
-
SHA512
361df923ead37315a2ae1f2f09e47629f91e39ec025deb5b63c2b01a3b62f2824eba7319f832164ad450c21c127b50ce39a7c8127374de36b476e69f89626f3f
-
SSDEEP
49152:OePpQEFJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEFtIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
50c3c81674fa541b15289aa58069961a16975e40bb921b4410f3f3d96e6a4fd6
-
Size
2.0MB
-
MD5
6a32e7c2f94d1e296a608c292e8463af
-
SHA1
c24de33c8e8e4120425d2b65da0a5fa7cc9a73d3
-
SHA256
50c3c81674fa541b15289aa58069961a16975e40bb921b4410f3f3d96e6a4fd6
-
SHA512
361df923ead37315a2ae1f2f09e47629f91e39ec025deb5b63c2b01a3b62f2824eba7319f832164ad450c21c127b50ce39a7c8127374de36b476e69f89626f3f
-
SSDEEP
49152:OePpQEFJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEFtIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-