General
-
Target
a1068a7f11c34bf5b334e9066c45090d2e88988e1884038b956c8d04ee48629e
-
Size
1.9MB
-
Sample
240527-j6958aed48
-
MD5
399b1d71d20c9221f4a73528dba58f84
-
SHA1
62224bec32222175513cc82f9abefc69feb62eaf
-
SHA256
a1068a7f11c34bf5b334e9066c45090d2e88988e1884038b956c8d04ee48629e
-
SHA512
fe0fd0d8e01ee43e8128325347c6012cd8e7cee5f5b8f89240c259bb40447d589e3baa3c903f183f3476a135d03aac687490735895adef690ee2fc7b3402c897
-
SSDEEP
49152:CdKfTn6vaJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnBtIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
a1068a7f11c34bf5b334e9066c45090d2e88988e1884038b956c8d04ee48629e
-
Size
1.9MB
-
MD5
399b1d71d20c9221f4a73528dba58f84
-
SHA1
62224bec32222175513cc82f9abefc69feb62eaf
-
SHA256
a1068a7f11c34bf5b334e9066c45090d2e88988e1884038b956c8d04ee48629e
-
SHA512
fe0fd0d8e01ee43e8128325347c6012cd8e7cee5f5b8f89240c259bb40447d589e3baa3c903f183f3476a135d03aac687490735895adef690ee2fc7b3402c897
-
SSDEEP
49152:CdKfTn6vaJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnBtIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-