General
-
Target
18e311ef22c8509271918de7fe785dcba0129e247535d74c0c02f28bd6669c0e
-
Size
2.0MB
-
Sample
240527-x2gvrseh5x
-
MD5
00bc277228c88586532035228245d771
-
SHA1
7b40cc14b6358e2646a1620ff658503f966506ab
-
SHA256
18e311ef22c8509271918de7fe785dcba0129e247535d74c0c02f28bd6669c0e
-
SHA512
48d8e1f31b1d4f51d6f41122ff9422a5e626de302e4a5ed0f49975be916efa01e6bc2ce733b003a052cc056a5cea2b10391897e7ef1e5aea3034c93e2ccedb29
-
SSDEEP
49152:OePpQEFJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEFtIuoITsdZ
Static task
static1
Behavioral task
behavioral1
Sample
18e311ef22c8509271918de7fe785dcba0129e247535d74c0c02f28bd6669c0e.exe
Resource
win7-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
18e311ef22c8509271918de7fe785dcba0129e247535d74c0c02f28bd6669c0e
-
Size
2.0MB
-
MD5
00bc277228c88586532035228245d771
-
SHA1
7b40cc14b6358e2646a1620ff658503f966506ab
-
SHA256
18e311ef22c8509271918de7fe785dcba0129e247535d74c0c02f28bd6669c0e
-
SHA512
48d8e1f31b1d4f51d6f41122ff9422a5e626de302e4a5ed0f49975be916efa01e6bc2ce733b003a052cc056a5cea2b10391897e7ef1e5aea3034c93e2ccedb29
-
SSDEEP
49152:OePpQEFJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEFtIuoITsdZ
-
Detect Vidar Stealer
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-