stealc | 484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b | Triage

Submit
Reports

Overview

overview

Static

static

3

b8b6d94f2e...32.exe

windows7-x64

b8b6d94f2e...32.exe

windows10-2004-x64

Sharing

General

Target

b8b6d94f2e3b6ae6be5205ef84ae0332.exe
Size

2.7MB
Sample

240527-qp3s5sea8x
MD5

b8b6d94f2e3b6ae6be5205ef84ae0332
SHA1

5ddf798d3d0a007a030a102e6bfc150e5a08ea83
SHA256

484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b
SHA512

968a81025278fe2598961e1376f4c144dd20979f316231093157dee7364713265675070d67c08510b574966e6178264d7e4d350c15cd5eaa7026ca3e9a2f45b3
SSDEEP

49152:KFzUITu6rv7vkceIsWGIgT+pFeawTkvBt:KKfYv4J0wTQB

Score

10^/10

stealc vidar stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b8b6d94f2e3b6ae6be5205ef84ae0332.exe

Resource

win7-20240508-en

stealc vidar stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8b6d94f2e3b6ae6be5205ef84ae0332.exe

Resource

win10v2004-20240426-en

stealc vidar stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

- Target
  
  b8b6d94f2e3b6ae6be5205ef84ae0332.exe
- Size
  
  2.7MB
- MD5
  
  b8b6d94f2e3b6ae6be5205ef84ae0332
- SHA1
  
  5ddf798d3d0a007a030a102e6bfc150e5a08ea83
- SHA256
  
  484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b
- SHA512
  
  968a81025278fe2598961e1376f4c144dd20979f316231093157dee7364713265675070d67c08510b574966e6178264d7e4d350c15cd5eaa7026ca3e9a2f45b3
- SSDEEP
  
  49152:KFzUITu6rv7vkceIsWGIgT+pFeawTkvBt:KKfYv4J0wTQB
Score

10^/10

stealc vidar stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidarstealer

© 2018-2024

Terms | Privacy