General
-
Target
d0371a2f2ea5e15d587121ef27f7455a032c16a94751df79046397371f942eec
-
Size
1.9MB
-
Sample
240527-2bjnwsdc72
-
MD5
b5e8187adb965b2bfd4f57880ef9ee2f
-
SHA1
fb7516511580c16a9006b05cc0971e35a58850bd
-
SHA256
d0371a2f2ea5e15d587121ef27f7455a032c16a94751df79046397371f942eec
-
SHA512
f9a088175aa81b5b728949f0165ebe575c0b275b99597580c4ea08b08e1fb9ed44a9bd8f3a69ef13a1435d52fc35d5b788ee49d76982c09121550bef473547fa
-
SSDEEP
49152:CdKfTn6v6JtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnBtIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
d0371a2f2ea5e15d587121ef27f7455a032c16a94751df79046397371f942eec.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
d0371a2f2ea5e15d587121ef27f7455a032c16a94751df79046397371f942eec
-
Size
1.9MB
-
MD5
b5e8187adb965b2bfd4f57880ef9ee2f
-
SHA1
fb7516511580c16a9006b05cc0971e35a58850bd
-
SHA256
d0371a2f2ea5e15d587121ef27f7455a032c16a94751df79046397371f942eec
-
SHA512
f9a088175aa81b5b728949f0165ebe575c0b275b99597580c4ea08b08e1fb9ed44a9bd8f3a69ef13a1435d52fc35d5b788ee49d76982c09121550bef473547fa
-
SSDEEP
49152:CdKfTn6v6JtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnBtIuoITsdZ
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-