General

  • Target

    e64c0b5064c4478f23eb3b28129778d6e13a50143fe1865542060895918afebc

  • Size

    2.0MB

  • Sample

    240527-dhm3wseh63

  • MD5

    786661f574b9be03766248ca83982b1f

  • SHA1

    dbe3b72529dc4c00781ef6f2ac48841417089726

  • SHA256

    e64c0b5064c4478f23eb3b28129778d6e13a50143fe1865542060895918afebc

  • SHA512

    5d6a03b647b488a68dd70ffbe7f54d1ac2416460c1d58c46910d7bf2cf06687121f05c3050e03768b7222613604a64f37fe9319a60ca9a1a33bbf835bbbb1572

  • SSDEEP

    49152:OePpQEZJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEZtIuoITsdZ

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      e64c0b5064c4478f23eb3b28129778d6e13a50143fe1865542060895918afebc

    • Size

      2.0MB

    • MD5

      786661f574b9be03766248ca83982b1f

    • SHA1

      dbe3b72529dc4c00781ef6f2ac48841417089726

    • SHA256

      e64c0b5064c4478f23eb3b28129778d6e13a50143fe1865542060895918afebc

    • SHA512

      5d6a03b647b488a68dd70ffbe7f54d1ac2416460c1d58c46910d7bf2cf06687121f05c3050e03768b7222613604a64f37fe9319a60ca9a1a33bbf835bbbb1572

    • SSDEEP

      49152:OePpQEZJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEZtIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks