General
-
Target
9ede2eb632fd2398911b87f3a3a065f8be1e3f74011467ddde6b77e72220c7c6
-
Size
2.0MB
-
Sample
240527-drfp6sec3t
-
MD5
58353141cf804e096009cf73134b6341
-
SHA1
e38fb4a61f96952037e99a3c583e1f87697efdfb
-
SHA256
9ede2eb632fd2398911b87f3a3a065f8be1e3f74011467ddde6b77e72220c7c6
-
SHA512
00db144d685204aabe253efd829050bfcda806b919efd923f1900b3105deb41700230e79c282f19e02d8432bd2ba87ecb113ce9b6f6254ddaeaeca18ea493cc0
-
SSDEEP
49152:OePpQEtJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEttIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
9ede2eb632fd2398911b87f3a3a065f8be1e3f74011467ddde6b77e72220c7c6
-
Size
2.0MB
-
MD5
58353141cf804e096009cf73134b6341
-
SHA1
e38fb4a61f96952037e99a3c583e1f87697efdfb
-
SHA256
9ede2eb632fd2398911b87f3a3a065f8be1e3f74011467ddde6b77e72220c7c6
-
SHA512
00db144d685204aabe253efd829050bfcda806b919efd923f1900b3105deb41700230e79c282f19e02d8432bd2ba87ecb113ce9b6f6254ddaeaeca18ea493cc0
-
SSDEEP
49152:OePpQEtJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEttIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-