General
-
Target
cf286f641da0451afc6ebb7a5d48f79f5bd72e716381a3f593b021237e19eea7
-
Size
2.0MB
-
Sample
240526-sb2d9sbb35
-
MD5
1d119ae08e1dd73a9de1764eb2c97d0f
-
SHA1
dbbf50c87d086b15276cbeda527d5d5f4da3f23e
-
SHA256
cf286f641da0451afc6ebb7a5d48f79f5bd72e716381a3f593b021237e19eea7
-
SHA512
bbba36d341826b5db6ffeecd41f8e605554dfceffe62db63915bfdc5e23b697aa3e7a3d74c86e22585f1a37737f159586af7e6f26290d9e5df929fc148633a5d
-
SSDEEP
49152:OePpQElJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEltIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
cf286f641da0451afc6ebb7a5d48f79f5bd72e716381a3f593b021237e19eea7.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
cf286f641da0451afc6ebb7a5d48f79f5bd72e716381a3f593b021237e19eea7
-
Size
2.0MB
-
MD5
1d119ae08e1dd73a9de1764eb2c97d0f
-
SHA1
dbbf50c87d086b15276cbeda527d5d5f4da3f23e
-
SHA256
cf286f641da0451afc6ebb7a5d48f79f5bd72e716381a3f593b021237e19eea7
-
SHA512
bbba36d341826b5db6ffeecd41f8e605554dfceffe62db63915bfdc5e23b697aa3e7a3d74c86e22585f1a37737f159586af7e6f26290d9e5df929fc148633a5d
-
SSDEEP
49152:OePpQElJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEltIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-