General
-
Target
f3982d6e94df1a27aba2b6d04eaae994a3c806932d8ecb9ad29287aa499e8b28
-
Size
1.9MB
-
Sample
240527-qmf7csfb26
-
MD5
2095273c7b526065d7094738aa070e1b
-
SHA1
6c5a76dd98d42bf2245a249df4ce32b82aa7a9d3
-
SHA256
f3982d6e94df1a27aba2b6d04eaae994a3c806932d8ecb9ad29287aa499e8b28
-
SHA512
1a56ca6f0c8b4fa5c55ae5048b42a74fe808feee102bd9cbc65184a70dae81127196ba363a50907c11814c749533639a4ace850910a9420a2f2ebc221b762e8a
-
SSDEEP
49152:CdKfTn6vGJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnltIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
f3982d6e94df1a27aba2b6d04eaae994a3c806932d8ecb9ad29287aa499e8b28
-
Size
1.9MB
-
MD5
2095273c7b526065d7094738aa070e1b
-
SHA1
6c5a76dd98d42bf2245a249df4ce32b82aa7a9d3
-
SHA256
f3982d6e94df1a27aba2b6d04eaae994a3c806932d8ecb9ad29287aa499e8b28
-
SHA512
1a56ca6f0c8b4fa5c55ae5048b42a74fe808feee102bd9cbc65184a70dae81127196ba363a50907c11814c749533639a4ace850910a9420a2f2ebc221b762e8a
-
SSDEEP
49152:CdKfTn6vGJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnltIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-