General
Target: 471c570e4148bc6a053bbb3d52e24a055bb8b799dd067c0a5c4b018e18d729cc
Size: 1.9MB
Sample: 240527-mrmcdsgf9v
MD5: 6e864eeaf1667d7a0bda438b525828f9
SHA1: 72d1ffe4a483dcef57e16d274e436c176a519c42
SHA256: 471c570e4148bc6a053bbb3d52e24a055bb8b799dd067c0a5c4b018e18d729cc
SHA512: c97a811384391dc1be1f39f234782290f37e71a9ac90d673f15f551e05396bea884fe9e19595d8ff1e59e218162ce3a44e6eae78b92a87a490b2730e8ecd4675
SSDEEP: 49152:CdKfTn6vOJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnttIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 471c570e4148bc6a053bbb3d52e24a055bb8b799dd067c0a5c4b018e18d729cc.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
C2 dead drops:
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
The two URLs are not the C2 itself. Vidar embeds dead-drop pages (a Steam profile and a Telegram channel) and reads the live C2 address from the profile's display name or the channel description at run time, so the operator can rotate the real server without rebuilding the sample. Block or alert on the dead drops, but expect the resolved C2 to differ from one detonation to the next. The macOS Firefox user agent on a Windows sample is an anomaly worth searching for in proxy logs.
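The dead-drop resolution described above, as an added example that is not part of the sandbox report: a small parser that pulls the live C2 out of the Steam profile name and the Telegram channel description. The HTML markers (`actual_persona_name`, `tgme_page_description`), the Steam-before-Telegram fallback order, and the sample pages are assumptions constructed for this example; the C2 values in them are documentation placeholders, not indicators from this sample.

```python
"""Resolve a Vidar-style dead drop to the live C2 address.

Added example, not part of the sandbox report. The report lists the two
dead-drop URLs but not the C2 they resolve to; this shows how the
resolution works so an analyst can reproduce it offline from a saved page.

Assumptions (not taken from the report): the HTML markers used below and
the Steam-then-Telegram fallback order. SAMPLE_*_HTML are constructed
fragments standing in for fetched pages, so nothing here touches the network.
"""
import re
from typing import Optional

# Dead-drop URLs exactly as extracted in the report
STEAM_PROFILE = "https://steamcommunity.com/profiles/76561199689717899"
TELEGRAM_CHANNEL = "https://t.me/copterwin"

# Constructed stand-ins for the fetched pages (RFC 5737 placeholder addresses)
SAMPLE_STEAM_HTML = """
<div class="profile_header_centered_persona">
  <span class="actual_persona_name">http://203.0.113.10/</span>
</div>
"""
SAMPLE_TELEGRAM_HTML = """
<div class="tgme_page_description">198.51.100.25:80</div>
"""

# Accept a full URL or a bare host[:port]; the stealer appends its own
# gate path, so only the origin is of interest here.
_C2_RE = re.compile(
    r"(?:https?://)?"
    r"(?:\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)"
    r"(?::\d{1,5})?/?",
    re.I,
)


def _extract(html: str, marker_re: str) -> Optional[str]:
    """Return the text inside the first element matched by marker_re if it
    looks like a host or URL, otherwise None (profile names are free text)."""
    m = re.search(marker_re, html, re.S)
    if not m:
        return None
    text = re.sub(r"<[^>]+>", "", m.group(1)).strip()
    c2 = _C2_RE.fullmatch(text)
    return c2.group(0) if c2 else None


def steam_c2(html: str) -> Optional[str]:
    # Assumed marker: the persona (display) name of the Steam profile
    return _extract(html, r'class="actual_persona_name">(.*?)</span>')


def telegram_c2(html: str) -> Optional[str]:
    # Assumed marker: the public channel description on the t.me preview page
    return _extract(html, r'class="tgme_page_description">(.*?)</div>')


def resolve_c2(steam_html: str, telegram_html: str) -> Optional[str]:
    """Assumed fallback order: Steam first, Telegram if Steam yields nothing."""
    return steam_c2(steam_html) or telegram_c2(telegram_html)


if __name__ == "__main__":
    print("resolved C2:", resolve_c2(SAMPLE_STEAM_HTML, SAMPLE_TELEGRAM_HTML))
```

Feed the functions the raw HTML of the saved dead-drop pages (from the sandbox's PCAP or a manual fetch from an isolated host) rather than the live URLs; the value returned is the indicator to add to the case, and it should be re-resolved on each detonation because the operator can change it at will.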
Targets
Target: 471c570e4148bc6a053bbb3d52e24a055bb8b799dd067c0a5c4b018e18d729cc
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: typically seen when a payload is written into a suspended process and its entry point is redirected (process hollowing); correlate with the dropped EXE above.