General
- Target: b2ff7d2e385c7ac6ccb07485b1e2c1db42e4672cb186fadb2596d95a1cfe6a42
- Size: 1.9MB
- Sample: 240527-r52rfsha96
- MD5: aa8c50c68cb7f01937158c78d000ec2b
- SHA1: 0123a0ec4a70fe18757d8283971f508f757c0c75
- SHA256: b2ff7d2e385c7ac6ccb07485b1e2c1db42e4672cb186fadb2596d95a1cfe6a42
- SHA512: 575f982d5dea77dd2187d8bac55cdc2cec674cbaca813e0fb8c1f5119aae8a6155baa425679423358c8b101b94b308a1ead100743854d8808298b304c9067664
- SSDEEP: 49152:CdKfTn6vOJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnNtIuoITsdZ
Static task
- static1

Behavioral task
- behavioral1
- Sample: b2ff7d2e385c7ac6ccb07485b1e2c1db42e4672cb186fadb2596d95a1cfe6a42.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted
- Family: stealc
Extracted
- Family: vidar
- C2 (public profile pages Vidar fetches to resolve its live C2 address, so blocking the URL alone does not stop the stealer once the operator rotates the profile):
  https://steamcommunity.com/profiles/76561199689717899
  https://t.me/copterwin
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
  (a stock Firefox-on-macOS string hard-coded into the sample; since the behavioral task ran on Windows 10, the useful detection point is the mismatch between the claimed OS and the host, not the string itself)
Targets
- Target: b2ff7d2e385c7ac6ccb07485b1e2c1db42e4672cb186fadb2596d95a1cfe6a42
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: a process rewriting another thread's register context, a step commonly seen when a hollowed or newly created process is redirected to injected code.
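As an added example (not part of the report or of the sandbox's tooling), the indicators above turned into a log sweep: the two dead-drop URLs and the hard-coded User-Agent are copied from the extracted vidar config, while the proxy-log layout (host, OS, URL, quoted User-Agent), the log lines, and the host names are constructed for the demo. It also generalises past the two listed URLs with a labelled heuristic: any Steam profile or Telegram channel page fetched with a macOS User-Agent from a non-macOS host is flagged as a dead-drop candidate.

```python
"""IOC sweep built from the sandbox report above (added example, not the report's own code).

Indicators (dead-drop URLs, User-Agent, sandbox OS) come from the report; the
proxy-log format and every log line below are constructed for the demo.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Copied from the extracted vidar config above.
DEAD_DROP_URLS = frozenset({
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
})
VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
            "Gecko/20100101 Firefox/128.0")

# Hunting generalisation (assumption, not from the report): Vidar resolves its
# C2 through public Steam profile and Telegram channel pages, so any such URL
# fetched with a User-Agent that contradicts the host OS is worth a look.
STEAM_PROFILE_RE = re.compile(r"^https://steamcommunity\.com/profiles/\d{17}/?$")
TELEGRAM_RE = re.compile(r"^https://t\.me/[A-Za-z0-9_]{5,32}/?$")

# Assumed proxy-log layout (constructed):  host os url "user-agent"
LINE_RE = re.compile(r'^(?P<host>\S+)\s+(?P<os>\S+)\s+(?P<url>\S+)\s+"(?P<ua>[^"]*)"\s*$')


@dataclass(frozen=True)
class Finding:
    host: str
    url: str
    rule: str


def ua_os_mismatch(ua: str, os_name: str) -> bool:
    """True when a Macintosh User-Agent is sent from a non-macOS host."""
    return "Macintosh" in ua and os_name.lower() not in ("macos", "darwin")


def classify(host: str, os_name: str, url: str, ua: str) -> list[str]:
    """Return the rule names one log record triggers, in fixed order."""
    rules: list[str] = []
    if url in DEAD_DROP_URLS:
        rules.append("vidar_dead_drop")       # exact IOC from the report
    mismatch = ua_os_mismatch(ua, os_name)
    if mismatch:
        rules.append("ua_os_mismatch")        # the UA alone is stock Firefox/macOS
    if mismatch and url not in DEAD_DROP_URLS and (
            STEAM_PROFILE_RE.match(url) or TELEGRAM_RE.match(url)):
        rules.append("dead_drop_candidate")   # heuristic; expect some noise
    return rules


def sweep(log_text: str) -> list[Finding]:
    """Parse every log line and collect the rules it triggers."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        for rule in classify(m["host"], m["os"], m["url"], m["ua"]):
            findings.append(Finding(m["host"], m["url"], rule))
    return findings


def hosts_to_triage(log_text: str) -> set[str]:
    """Hosts that touched a known or candidate dead drop."""
    return {f.host for f in sweep(log_text)
            if f.rule in ("vidar_dead_drop", "dead_drop_candidate")}


# Constructed log lines: ws01 mirrors the sandbox run (Windows host, macOS UA,
# both dead drops); mac02 is a genuine Mac user on Steam; ws03 is clean; ws04 is
# a Windows host hitting an unrelated Steam profile with the same macOS UA.
WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"
SAMPLE_PROXY_LOG = "\n".join([
    f'ws01 windows https://steamcommunity.com/profiles/76561199689717899 "{VIDAR_UA}"',
    f'ws01 windows https://t.me/copterwin "{VIDAR_UA}"',
    f'mac02 macos https://steamcommunity.com/profiles/76561198000000000 "{VIDAR_UA}"',
    f'ws03 windows https://example.com/ "{WIN_UA}"',
    f'ws04 windows https://steamcommunity.com/profiles/76561198111111111 "{VIDAR_UA}"',
])

if __name__ == "__main__":
    for f in sweep(SAMPLE_PROXY_LOG):
        print(f"{f.host:6} {f.rule:20} {f.url}")
    print("triage:", sorted(hosts_to_triage(SAMPLE_PROXY_LOG)))
```

The exact-URL rule is the only high-confidence match; the candidate rule exists because the operator can move to a fresh Steam or Telegram profile at any time, and the OS/User-Agent contradiction is what survives that rotation. A real Mac user browsing Steam (mac02) produces nothing, which is the false-positive case the heuristic is shaped to avoid.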