General
-
Target
6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
-
Size
8.3MB
-
Sample
240527-xcdrtadf6t
-
MD5
ae47c12b9320e702a9ce243193494554
-
SHA1
28181880164f5f73c611126dee950af8036e9988
-
SHA256
6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
-
SHA512
4714222f820c54a564d58607ade523699a5aa5f0200da7b7d7dcf6fd5b35635ff63592a1e7804c3360aa164733ebd677711dd33c4af8093e8d2eba7c61177d8a
-
SSDEEP
196608:Fv1W8cKlJIszteRKn1chTDQfW7ancKlJIszteRKn1chTDQfWg:Fv1W8v1Bee1chTseenv1Bee1chTseg
Malware Config
Targets
-
-
Target
6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
-
Size
8.3MB
-
MD5
ae47c12b9320e702a9ce243193494554
-
SHA1
28181880164f5f73c611126dee950af8036e9988
-
SHA256
6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
-
SHA512
4714222f820c54a564d58607ade523699a5aa5f0200da7b7d7dcf6fd5b35635ff63592a1e7804c3360aa164733ebd677711dd33c4af8093e8d2eba7c61177d8a
-
SSDEEP
196608:Fv1W8cKlJIszteRKn1chTDQfW7ancKlJIszteRKn1chTDQfWg:Fv1W8v1Bee1chTseenv1Bee1chTseg
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-