General
Target: 5a8b845edd8d70813c5332eced681cd26e34531d65303c686a31d890d78f9c61
Size: 2.0MB
Sample: 240527-ay6y6ahh7v
MD5: 73c3868deb9cd1e27eb04d7ef0eaf601
SHA1: 0bcc435d9798bf2f1a7003a0b01e5b136d8ecb7a
SHA256: 5a8b845edd8d70813c5332eced681cd26e34531d65303c686a31d890d78f9c61
SHA512: ddd2f51fa205eb2e5d2a5a503242772352977545430150d95f5c5de9b4a8cb39f1f0c4d23180e370e957c2fef612c1b1abd26bb4c113d08015efa83a47995c86
SSDEEP: 49152:OePpQERJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQERtIuoITsdZ

Static task: static1
Behavioral task: behavioral1
Sample: 5a8b845edd8d70813c5332eced681cd26e34531d65303c686a31d890d78f9c61.exe
Resource: win10v2004-20240426-en

Malware Config
Extracted: stealc
Extracted: vidar
    https://steamcommunity.com/profiles/76561199689717899
    https://t.me/copterwin
    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets
Target: 5a8b845edd8d70813c5332eced681cd26e34531d65303c686a31d890d78f9c61
Size: 2.0MB
MD5: 73c3868deb9cd1e27eb04d7ef0eaf601
SHA1: 0bcc435d9798bf2f1a7003a0b01e5b136d8ecb7a
SHA256: 5a8b845edd8d70813c5332eced681cd26e34531d65303c686a31d890d78f9c61
SHA512: ddd2f51fa205eb2e5d2a5a503242772352977545430150d95f5c5de9b4a8cb39f1f0c4d23180e370e957c2fef612c1b1abd26bb4c113d08015efa83a47995c86
SSDEEP: 49152:OePpQERJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQERtIuoITsdZ

Detect Vidar Stealer
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext