General
- Target: 9d81a0dcfbab76b95883058d2233d8e52aa1a756f6d920b4ad6393f9a9b333b9
- Size: 1.9MB
- Sample: 240527-qvadsaec3t
- MD5: 25390e0a7bd98274271ef4c9a11995ff
- SHA1: f20c33523563c40dfcbda4a3fff0430502baffdc
- SHA256: 9d81a0dcfbab76b95883058d2233d8e52aa1a756f6d920b4ad6393f9a9b333b9
- SHA512: 597a007315094456fcc61ac3fa358ea3438d4f6a395651aa593b347d124509a98d2da5a2a4b0ff553aa368319dcc2bc411daec4a5ac0c02eb3e5a33c84c3d2df
- SSDEEP: 49152:CdKfTn6v2JtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnNtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
- Sample: 9d81a0dcfbab76b95883058d2233d8e52aa1a756f6d920b4ad6393f9a9b333b9.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
- C2 URLs:
  - https://steamcommunity.com/profiles/76561199689717899
  - https://t.me/copterwin
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
- Target: 9d81a0dcfbab76b95883058d2233d8e52aa1a756f6d920b4ad6393f9a9b333b9
Signatures
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext