General
-
Target
669bf5c2ac07ee03481ce14ec01ec34deccb7811f022101c08d23cb6e7590764
-
Size
2.0MB
-
Sample
240527-cphajsdf42
-
MD5
60723429452f83035a5436d3c57c4f26
-
SHA1
97572400c6eabe8130dfa621902723122691d9a5
-
SHA256
669bf5c2ac07ee03481ce14ec01ec34deccb7811f022101c08d23cb6e7590764
-
SHA512
e06e0232f861b4c38de69c8301a573d38d5c1b44b2d92e59c6898d88be9d2e9ded453256e6cf6354583e7afc74c13ad66c6e3ad7893b4c2b26f6a48188087e12
-
SSDEEP
49152:OePpQE9JtTF+TxMoxc1TU+j+dAzGwlrh:OePpQE9tIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
669bf5c2ac07ee03481ce14ec01ec34deccb7811f022101c08d23cb6e7590764
-
Size
2.0MB
-
MD5
60723429452f83035a5436d3c57c4f26
-
SHA1
97572400c6eabe8130dfa621902723122691d9a5
-
SHA256
669bf5c2ac07ee03481ce14ec01ec34deccb7811f022101c08d23cb6e7590764
-
SHA512
e06e0232f861b4c38de69c8301a573d38d5c1b44b2d92e59c6898d88be9d2e9ded453256e6cf6354583e7afc74c13ad66c6e3ad7893b4c2b26f6a48188087e12
-
SSDEEP
49152:OePpQE9JtTF+TxMoxc1TU+j+dAzGwlrh:OePpQE9tIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-