General
-
Target
484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b.exe
-
Size
2.7MB
-
Sample
240528-bjnppsha4v
-
MD5
b8b6d94f2e3b6ae6be5205ef84ae0332
-
SHA1
5ddf798d3d0a007a030a102e6bfc150e5a08ea83
-
SHA256
484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b
-
SHA512
968a81025278fe2598961e1376f4c144dd20979f316231093157dee7364713265675070d67c08510b574966e6178264d7e4d350c15cd5eaa7026ca3e9a2f45b3
-
SSDEEP
49152:KFzUITu6rv7vkceIsWGIgT+pFeawTkvBt:KKfYv4J0wTQB
Static task
static1
Behavioral task
behavioral1
Sample
484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b.exe
-
Size
2.7MB
-
MD5
b8b6d94f2e3b6ae6be5205ef84ae0332
-
SHA1
5ddf798d3d0a007a030a102e6bfc150e5a08ea83
-
SHA256
484de446e05081a326b443adf561111d8d550e0309639007eae2e4c8bdee436b
-
SHA512
968a81025278fe2598961e1376f4c144dd20979f316231093157dee7364713265675070d67c08510b574966e6178264d7e4d350c15cd5eaa7026ca3e9a2f45b3
-
SSDEEP
49152:KFzUITu6rv7vkceIsWGIgT+pFeawTkvBt:KKfYv4J0wTQB
-
Detect Vidar Stealer
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables containing potential Windows Defender anti-emulation checks
-
Downloads MZ/PE file
-
Suspicious use of SetThreadContext
-