General
Target: 25bc3397c3b1823abb8d920fa41db2152639c2985be6016ab735948ab2add993
Size: 1.9MB
Sample: 240527-kcqp6adf5v
MD5: c636216416c31f58fb49d168cf768129
SHA1: 6b3468eb239bb3035f9970405b506c5e38493f62
SHA256: 25bc3397c3b1823abb8d920fa41db2152639c2985be6016ab735948ab2add993
SHA512: 1be1d86c5d2ee676b0ebcd618f0e07d0dce006a85629b63cae9316c55114f57e2156ed267b03266b582c46c486aef0f619df801e2d4ffeff0e00535a85a05113
SSDEEP: 49152:CdKfTn6vKJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnJtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 25bc3397c3b1823abb8d920fa41db2152639c2985be6016ab735948ab2add993.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 25bc3397c3b1823abb8d920fa41db2152639c2985be6016ab735948ab2add993
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext