General
Target: 1cddbe6410e08cb44c7ed7244d9e22305379b0b928ae75042d7c0e8025827394
Size: 1.9MB
Sample: 240528-ax36wafh4t
MD5: b5137b7bb544c0f4c66e3d68c280cbbd
SHA1: 2e87bc42369c042807d3b270897a252cbb45bb7f
SHA256: 1cddbe6410e08cb44c7ed7244d9e22305379b0b928ae75042d7c0e8025827394
SHA512: 3435893565e60ec73f82486ed09d314535770c05e0df8e1ee3435aaba1d599f6e1facd0dab4c2e67c0bacf0edde3f694cfae6fac0c38e35536166cd2ac909e3e
SSDEEP: 49152:CdKfTn6vWJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnttIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 1cddbe6410e08cb44c7ed7244d9e22305379b0b928ae75042d7c0e8025827394.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 1cddbe6410e08cb44c7ed7244d9e22305379b0b928ae75042d7c0e8025827394
Size: 1.9MB
MD5: b5137b7bb544c0f4c66e3d68c280cbbd
SHA1: 2e87bc42369c042807d3b270897a252cbb45bb7f
SHA256: 1cddbe6410e08cb44c7ed7244d9e22305379b0b928ae75042d7c0e8025827394
SHA512: 3435893565e60ec73f82486ed09d314535770c05e0df8e1ee3435aaba1d599f6e1facd0dab4c2e67c0bacf0edde3f694cfae6fac0c38e35536166cd2ac909e3e
SSDEEP: 49152:CdKfTn6vWJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnttIuoITsdZ
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext