General
-
Target
d698f4a95e8e4906e2ac061839316a6f45a713944952db9b61bdd9b64222961f
-
Size
2.0MB
-
Sample
240527-dqkyhaeb9v
-
MD5
8122eccc7f6626465aea3665bc561514
-
SHA1
c2037dd299d568296da48c942ff9bec63332ea5b
-
SHA256
d698f4a95e8e4906e2ac061839316a6f45a713944952db9b61bdd9b64222961f
-
SHA512
2faf1534e65673cee0a0d4f9f43050112305bb9f6ba3a1ea3c5af7f9e36250129180d3e89be984fcaa24d2cdf0354a12cf7b84fa783772964a7266ca66c5aaa0
-
SSDEEP
49152:s4K3x1vUmJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18mtIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
d698f4a95e8e4906e2ac061839316a6f45a713944952db9b61bdd9b64222961f
-
Size
2.0MB
-
MD5
8122eccc7f6626465aea3665bc561514
-
SHA1
c2037dd299d568296da48c942ff9bec63332ea5b
-
SHA256
d698f4a95e8e4906e2ac061839316a6f45a713944952db9b61bdd9b64222961f
-
SHA512
2faf1534e65673cee0a0d4f9f43050112305bb9f6ba3a1ea3c5af7f9e36250129180d3e89be984fcaa24d2cdf0354a12cf7b84fa783772964a7266ca66c5aaa0
-
SSDEEP
49152:s4K3x1vUmJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18mtIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-