General

Target: a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e
Size: 2.0MB
Sample: 240527-bc6a6sbe45
MD5: f38c39a09fce3833e00146c0d5cbfad4
SHA1: 1970e746227ab1584bbb8db95242ed68d182d84f
SHA256: a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e
SHA512: 71e1b2cf5a7c390311d510177f592b10f6c0b85a09c9ea647f5d0772686dd752b1085a9e2b0cb270fba0209c0d73308054512f847fdfc79f763b845f08564e34
SSDEEP: 49152:OePpQEtJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEttIuoITsdZ
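To confirm that a file you are holding is the sample this report describes, compute all four digests and require every one of them to agree; a partial match points at a copy-paste error in the IOC list or a collision rather than at the same file. This is an added example, not part of the sandbox report: the digest values are copied from the General section above, and the file path is whatever you pass on the command line.

```python
"""Verify a local file against the digests listed in this report.

Added example, not part of the sandbox report. REPORT_DIGESTS is copied from
the General section above; everything else is generic."""
import hashlib

REPORT_DIGESTS = {
    "md5": "f38c39a09fce3833e00146c0d5cbfad4",
    "sha1": "1970e746227ab1584bbb8db95242ed68d182d84f",
    "sha256": "a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e",
    "sha512": (
        "71e1b2cf5a7c390311d510177f592b10f6c0b85a09c9ea647f5d0772686dd752"
        "b1085a9e2b0cb270fba0209c0d73308054512f847fdfc79f763b845f08564e34"
    ),
}


def digest_bytes(data):
    """All four digests of an in-memory buffer, keyed like REPORT_DIGESTS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_bytes, but streams the file once through all four
    hashers so a large sample is never read whole into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests, expected=REPORT_DIGESTS):
    """Names of the algorithms whose digest equals the report's value."""
    return {n for n in expected if digests.get(n, "").lower() == expected[n].lower()}


def is_report_sample(digests, expected=REPORT_DIGESTS):
    """True only when every digest agrees.

    A partial match is an error, not a 'probably': MD5 and SHA-1 are
    collision-prone and IOC lists get mistyped, so one agreeing digest
    proves little, while a disagreeing SHA-256 settles the question."""
    agree = matching_algorithms(digests, expected)
    if not agree:
        return False
    if agree != set(expected):
        raise ValueError(
            f"partial digest match ({', '.join(sorted(agree))}); "
            "check the IOC values or the file"
        )
    return True


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        verdict = "matches report" if is_report_sample(digest_file(path)) else "does not match"
        print(path, verdict)
```

Run it as `python verify.py <file>`; SSDEEP is deliberately left out because fuzzy-hash similarity is a triage hint, not an identity check.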
Static task: static1

Behavioral task: behavioral1
Sample: a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e.exe
Resource: win10v2004-20240508-en (sandbox VM image)
Malware Config

Extracted: stealc
(family identified; no configuration fields are shown for it)

Extracted: vidar
C2 dead-drop resolvers (public profile/channel pages the stealer reads to obtain its current C2 address):
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
(A macOS Firefox user agent sent by a Windows PE is an OS/UA mismatch worth alerting on in proxy logs.)
Targets

Target: a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e
Size: 2.0MB
MD5: f38c39a09fce3833e00146c0d5cbfad4
SHA1: 1970e746227ab1584bbb8db95242ed68d182d84f
SHA256: a52b932372f6b9f2990d0e61466d72177fa730dea0cfa0911753d99a44df897e
SHA512: 71e1b2cf5a7c390311d510177f592b10f6c0b85a09c9ea647f5d0772686dd752b1085a9e2b0cb270fba0209c0d73308054512f847fdfc79f763b845f08564e34
SSDEEP: 49152:OePpQEtJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEttIuoITsdZ
Signatures

- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence: the sample decides whether to run based on the victim's configured country.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is the step that redirects execution in process-injection and hollowing techniques; legitimate use outside debuggers is rare.
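The two registry signatures above are weak on their own: locale-aware applications read the configured country code, and installers walk the Uninstall key. Scoring them together per process is what separates a stealer from those look-alikes. The Python below is an added example, not part of this report or of the sandbox's own rules; it runs over a constructed procmon-style CSV embedded in the block. The registry paths it keys on (Control Panel\International\Geo\Nation and the Uninstall keys) are my assumption about what the signatures match, since the report names only the behaviour.

```python
"""Flag processes whose registry activity shows both behaviours named in the
report: a country-code (geofence) lookup plus enumeration of installed software.

Added example, not part of the sandbox report. The registry paths and the CSV
telemetry format are assumptions made for illustration."""
import csv
import io
from collections import defaultdict

# Assumed key behind "Checks computer location settings": the value holding the
# user's configured country (a GeoID) that stealers compare against an exclusion list.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"

# Assumed keys behind "Checks installed software": one subkey per installed
# program in the 64-bit, 32-bit (WOW6432Node) and per-user hives.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed telemetry (pid,process,operation,path), not taken from the report.
# pid 4120 behaves like the sample; 880 and 2200 are benign look-alikes that
# show only one of the two behaviours each.
SAMPLE_EVENTS = r"""pid,process,operation,path
4120,sample.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation
4120,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120,sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
4120,sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 128.0 (x64 en-US)
4120,sample.exe,RegEnumKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120,sample.exe,RegEnumKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Exodus
880,explorer.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation
2200,msiexec.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2200,msiexec.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 128.0 (x64 en-US)
2200,msiexec.exe,RegEnumKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
"""


def summarize(csv_text):
    """Per pid: process name, whether Geo\\Nation was read, and the set of
    distinct Uninstall entries (installed products) that were touched."""
    state = defaultdict(lambda: {"process": "", "geo_lookup": False, "uninstall_entries": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        st = state[int(row["pid"])]
        st["process"] = row["process"]
        path = row["path"]
        if row["operation"] == "RegQueryValue" and path.lower() == GEO_NATION_KEY.lower():
            st["geo_lookup"] = True
            continue
        for base in UNINSTALL_KEYS:
            prefix = base.lower() + "\\"
            if path.lower().startswith(prefix):
                # The first path component under the Uninstall key is one product.
                st["uninstall_entries"].add(path[len(prefix):].split("\\", 1)[0])
                break
    return state


def flag(csv_text, min_entries=3):
    """Pids that both read the country code and walked at least min_entries
    installed-software entries. Either behaviour alone is common in benign
    software; the combination in one process is the signal."""
    return sorted(
        pid
        for pid, st in summarize(csv_text).items()
        if st["geo_lookup"] and len(st["uninstall_entries"]) >= min_entries
    )


if __name__ == "__main__":
    hits = summarize(SAMPLE_EVENTS)
    for pid in flag(SAMPLE_EVENTS):
        print(pid, hits[pid]["process"], sorted(hits[pid]["uninstall_entries"]))
```

On the constructed data only pid 4120 is flagged: explorer.exe reads the country code without enumerating software, and msiexec.exe enumerates software without reading the country code. Feed the same CSV shape from your own procmon or EDR export to reuse it.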