General
Target: b83f79a17c7a47eee83600fe8f79a8b6c4d3c9196da6e8e7b7e1a2c0c3b5ea59
Size: 1.9MB
Sample: 240527-npkw8ahg7z
MD5: e409c57669bd09d8fd54455b2f639994
SHA1: 411f11db478bc0f3039513c37d5e8dd1be9384c1
SHA256: b83f79a17c7a47eee83600fe8f79a8b6c4d3c9196da6e8e7b7e1a2c0c3b5ea59
SHA512: 9f5cc623de6798f7d92e1a9272cda26248a1d9c44729420d21d9852127a0ced3d963e61526e451379537e20abdae3da5966aff2c9b820ad570b590568a1d1521
SSDEEP: 49152:CdKfTn6vWJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnFtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: b83f79a17c7a47eee83600fe8f79a8b6c4d3c9196da6e8e7b7e1a2c0c3b5ea59.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: stealc
Extracted: vidar
C2:
- https://steamcommunity.com/profiles/76561199689717899
- https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: b83f79a17c7a47eee83600fe8f79a8b6c4d3c9196da6e8e7b7e1a2c0c3b5ea59
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext