General
Target: 3bcef9701945ae62a5f2b479afff7ea777fbd297a23e2387582dc2cb7f1578fb
Size: 1.9MB
Sample: 240527-lft3esfb3z
MD5: 6b171d2c0816650fb0de45f04c42bb07
SHA1: 964dc7a8f3999bdfaeceeb30d00d5a084f369546
SHA256: 3bcef9701945ae62a5f2b479afff7ea777fbd297a23e2387582dc2cb7f1578fb
SHA512: a1f8913719420a09491fc7ee00ec512a474aa31c1b64c9d673351c9f5cc04a1f566b461eb745014d4e09807d1f64d0ffef69edf07674f2833995a7f00d96a386
SSDEEP: 49152:CdKfTn6vCJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnRtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 3bcef9701945ae62a5f2b479afff7ea777fbd297a23e2387582dc2cb7f1578fb.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
Extracted: vidar
C2:
- https://steamcommunity.com/profiles/76561199689717899
- https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
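The two URLs in the extracted vidar config are profile pages, which Vidar reads to find its real C2 address, and the user_agent is the string the stealer sends when it fetches them; note that the sample is a Windows PE yet presents a macOS Firefox user agent. The Python below is an added example, not part of this report or of any sandbox's code. It scans a constructed proxy log format (assumed fields: timestamp, client, client OS, URL, quoted user agent; the hostnames, timestamps and the 1234567 profile id are made up) for the exact indicators above and for the broader pattern of a Windows client sending a Macintosh user agent to steamcommunity.com or t.me, which is how a rebuilt sample with a fresh profile id would still surface.

```python
"""Hunt proxy logs for the Vidar dead-drop traffic described in this report."""
import re
from urllib.parse import urlparse

# Indicators copied from the extracted vidar config on this page.
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
}
CONFIG_USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
    "Gecko/20100101 Firefox/128.0"
)
# Hosts this config uses as profile pages; a different profile id on the
# same host is the usual way a new build changes its C2.
DEAD_DROP_HOSTS = {"steamcommunity.com", "t.me"}

# Constructed log format (an assumption, not any real proxy's format):
#   <timestamp> <client> <client_os> <url> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<os>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)


def normalize_url(url):
    """Lower-case scheme and host and drop a trailing slash so log URLs
    compare cleanly against the config values."""
    p = urlparse(url.strip())
    path = p.path.rstrip("/") or "/"
    return f"{p.scheme.lower()}://{p.netloc.lower()}{path}"


KNOWN_DEAD_DROPS = {normalize_url(u) for u in DEAD_DROP_URLS}


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["url"] = normalize_url(rec["url"])
    rec["host"] = urlparse(rec["url"]).netloc
    return rec


def classify(rec):
    """Reasons this request looks like Vidar fetching its C2; empty means benign."""
    reasons = []
    if rec["url"] in KNOWN_DEAD_DROPS:
        reasons.append("known_dead_drop_url")
    if rec["ua"] == CONFIG_USER_AGENT:
        reasons.append("config_user_agent")
    # The sample is a Windows PE but claims to be Firefox on macOS: a Windows
    # client sending a Macintosh UA to a profile host is the behavioural
    # form of the same indicator and survives a change of profile id.
    if (rec["host"] in DEAD_DROP_HOSTS
            and rec["os"].lower().startswith("windows")
            and "Macintosh" in rec["ua"]):
        reasons.append("ua_os_mismatch_to_dead_drop_host")
    return reasons


def scan(lines):
    """Map each client to the sorted set of reasons it tripped."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip it rather than abort the hunt
        reasons = classify(rec)
        if reasons:
            hits.setdefault(rec["client"], set()).update(reasons)
    return {client: sorted(r) for client, r in hits.items()}


# Constructed sample traffic (hostnames, times and profile id 1234567 are made up).
CHROME_WIN_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                 "(KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36")
SAFARI_MAC_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
                 "(KHTML, like Gecko) Version/17.4 Safari/605.1.15")
FIREFOX127_MAC_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) "
                     "Gecko/20100101 Firefox/127.0")
SAMPLE_LOGS = [
    f'2024-05-27T12:00:01Z ws01 windows10 https://steamcommunity.com/profiles/76561199689717899/ "{CONFIG_USER_AGENT}"',
    f'2024-05-27T12:00:02Z ws01 windows10 https://t.me/copterwin "{CONFIG_USER_AGENT}"',
    f'2024-05-27T12:01:00Z ws02 windows10 https://steamcommunity.com/app/730 "{CHROME_WIN_UA}"',
    f'2024-05-27T12:02:00Z mac01 macos14 https://steamcommunity.com/profiles/1234567 "{SAFARI_MAC_UA}"',
    f'2024-05-27T12:03:00Z ws03 windows11 https://steamcommunity.com/profiles/1234567 "{FIREFOX127_MAC_UA}"',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOGS).items():
        print(client, reasons)
```

In the sample traffic ws01 trips all three rules, ws03 trips only the UA/OS mismatch (a new profile id, older Firefox build), and the genuine Mac and the Windows Chrome browser trip nothing. Treat `config_user_agent` on its own as low confidence: it is a legitimate Firefox 128 string that any macOS user would send, so it only means something when the client OS contradicts it or the URL matches.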
Targets
Target: 3bcef9701945ae62a5f2b479afff7ea777fbd297a23e2387582dc2cb7f1578fb
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext