stealc

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

8.3MB
Sample

240527-xa7l4sdf3s
MD5

ae47c12b9320e702a9ce243193494554
SHA1

28181880164f5f73c611126dee950af8036e9988
SHA256

6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
SHA512

4714222f820c54a564d58607ade523699a5aa5f0200da7b7d7dcf6fd5b35635ff63592a1e7804c3360aa164733ebd677711dd33c4af8093e8d2eba7c61177d8a
SSDEEP

196608:Fv1W8cKlJIszteRKn1chTDQfW7ancKlJIszteRKn1chTDQfWg:Fv1W8v1Bee1chTseenv1Bee1chTseg

Score

10^/10

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  8.3MB
- MD5
  
  ae47c12b9320e702a9ce243193494554
- SHA1
  
  28181880164f5f73c611126dee950af8036e9988
- SHA256
  
  6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
- SHA512
  
  4714222f820c54a564d58607ade523699a5aa5f0200da7b7d7dcf6fd5b35635ff63592a1e7804c3360aa164733ebd677711dd33c4af8093e8d2eba7c61177d8a
- SSDEEP
  
  196608:Fv1W8cKlJIszteRKn1chTDQfW7ancKlJIszteRKn1chTDQfWg:Fv1W8v1Bee1chTseenv1Bee1chTseg
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  dc91f181f9cb870fff0c58bc0ea63eda
- SHA1
  
  cc37e24f6071dea801d0eb59bcc2a9221cf1c74b
- SHA256
  
  e74f442771f034a24b77d3a849b343551bdef69ef151c622cb9fd5f34dccda81
- SHA512
  
  714605cad60dca30da96172b5ca1a1d8838d27f0a9979aa0db125d373cd3e015ae6b39c7b7d2b3fc9a4b5433ff1d7d2427caf3a2b5d1ae321e218d3c8fe8f9a4
- SSDEEP
  
  96:FxIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/t3lkCTcaqHCI:4hE+A0+sF6piUFkAxlncviI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  192639861e3dc2dc5c08bb8f8c7260d5
- SHA1
  
  58d30e460609e22fa0098bc27d928b689ef9af78
- SHA256
  
  23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
- SHA512
  
  6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
- SSDEEP
  
  192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  b7d61f3f56abf7b7ff0d4e7da3ad783d
- SHA1
  
  15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
- SHA256
  
  89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
- SHA512
  
  6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
- SSDEEP
  
  96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score

3^/10
behavioral10 behavioral9
- Target
  
  Mp3tag.exe
- Size
  
  8.8MB
- MD5
  
  ba739966d163e955110750d63546d183
- SHA1
  
  a6506a13e1d16c818742538746bb2ff9f99d430d
- SHA256
  
  0542791d5427879928672e7f962b6130495c5592252ba8470b7fedb03aa6f2d0
- SHA512
  
  e87aa416b2bf34a5c532e4354f203e3de0be329fc49af5263fc37a6e53ea66a694f97d83e044ed4df312467ffac32d7aa37bdb4ec5b6af3464e25df1cc6ae46f
- SSDEEP
  
  98304:ni2hwSVsTzfT9Kzo0iesScTon/C2VE70Pf25Cx4fTDpFO3RPr2T6uNG5TuLhvc5o:dwDsieG+/CHQtWf5FOR2TwTAhCw3
Score

1^/10
behavioral11 behavioral12
- Target
  
  data/sources/Cover Art#Discogs Release ID.src
- Size
  
  1KB
- MD5
  
  3c14d2d39fbfcf22635470ed9fdfc2f8
- SHA1
  
  ae2a522ea122166654415c2d4024be5f32eeb8bb
- SHA256
  
  3e07aa33315da4a9abc32c3b2e657cde1e612daf4cdc0e54f093cffdf213515a
- SHA512
  
  ed92685809fa40a21661cbea422d9838115e366511a5592b92d5d4fd5a03762ce14703f6cd9aa9b0e6b159a9188f95edb1c02e802d7fee906264eb674cc3c48b
Score

1^/10
behavioral13 behavioral14
- Target
  
  data/sources/Cover Art#Discogs.inc
- Size
  
  3KB
- MD5
  
  134917bff7f348b9d7d3103b917ed6c8
- SHA1
  
  8ba51f9f4fa6f02a8540b5bc2933cd735ad27424
- SHA256
  
  dc52cf851e808586d6705e889b57df27afa7e1b614e50bb0dfa69bf783dae850
- SHA512
  
  8da5a7dc705147ce8138cbc14dce5fc6e4fc084813317cf40b24232e68f6469f2f6dd7e0bae38754fa74e33a8299d4c5c9c6f91f7dba66765904a8f410b904c9
Score

1^/10
behavioral15 behavioral16
- Target
  
  data/sources/Discogs Release ID.src
- Size
  
  8KB
- MD5
  
  334dc55d7bd9db4e12450efb79eaa9eb
- SHA1
  
  b5911689a1e8cee64c96536488abac6881a6941a
- SHA256
  
  097bc69c526b276287d34d98a02e72b7126777ac693962fd18e7d25f24247173
- SHA512
  
  e44c415e5d5ff6475c420266c698416e412025b898455587d00c1c2caa40da833da3aa9e3a52e099fd0a5d335814fa1992d9409d044fc8ed101d21cf4738d45d
- SSDEEP
  
  192:MX/n8rdDQ6LwgdtRx4REgNmg9YALjqZBcY2qCn7gBc/qOgWVBhVwvhWLgmLh0h8E:iidDQ60gdtAjhLjqZBcY2qCn7gBc/qO8
Score

1^/10
behavioral17 behavioral18
- Target
  
  data/sources/Discogs.inc
- Size
  
  10KB
- MD5
  
  c9fdf46ed993783fe3c3b142ac79d28e
- SHA1
  
  0c7a9685a9fab8543638c206aec7e16a028b5e37
- SHA256
  
  338f9c882f6dfe5d49e124edfd7ce06e933a1b31d0c65940f8c860182c7e4e33
- SHA512
  
  11bc503b64a571a53c6174aad1dae906a6007ce9686da975242570de92e4d865f693f0dfe0814e9e2038821528c85eb43e5a7d2eb6414728e05b1a0329e1509f
- SSDEEP
  
  192:MXT1j8oBu3D2ySPRnP5gdtRx4REgNmg9YALjqZBcY2qCn7gBc/qOgWVBhVwvhWLm:fPD21JxgdtAjhLjqZBcY2qCn7gBc/qO8
Score

1^/10
behavioral19 behavioral20
- Target
  
  data/sources/MusicBrainz.src
- Size
  
  10KB
- MD5
  
  d56141c1823c8c8ce459f3d7d4119b04
- SHA1
  
  e123bf64ed63a046d6f87243f43ada2f75562832
- SHA256
  
  45bf41b01da0834b81e897d3f7fce14de95f2ca1fc59460d6921217ca4ed86ce
- SHA512
  
  64c3a3148ad5a89a4dc3eed82682b2c8d4b91fcf2ae80de1e80d63792de28516cc694fec94d96b01fdb7bb5c6882194d32895a5bf3969ea470067535fc9cfb83
- SSDEEP
  
  192:z/nTB8Dt0sRH+D3LVMJNnIKv4PAgMvFbd/fb4bS7Px66btPWJttYtdfpHRNr1GH2:rTBBKs3LBKAIvFxHUAZ6c+1IdfpHjr1l
Score

1^/10
behavioral21 behavioral22
- Target
  
  lang/Corsican.lng
- Size
  
  38KB
- MD5
  
  d656fadef7447bb776da99aebf5185cc
- SHA1
  
  396a9cb15fa2de5d684400fc594a63f874599fa8
- SHA256
  
  426d535e7909b111f23fb8dbb81b71ef4cb42f4d2eb8255ecad9757660d0cbcb
- SHA512
  
  110b9992b4caf5a79fd2ddd8ee4d7e92610efa4b9299effb08fb07442564f19972b99706bbe26aa625a80dad8d59dbd6a02a83ed2e188f218b65884256de3a3c
- SSDEEP
  
  768:ZYpvL5EHnI56wg1soeqP3YyEQ0mCFKGV/V5uGz:uvL5EHI56wysKwxmCDhz
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Checks computer location settings

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24