General
Target: aa4ee6539dbe87923586173020c8b0e65f8eea6581d5ffed59ae27be7b1d6b01
Size: 1.9MB
Sample: 240528-c888dada75
MD5: eff3c2c6d429b0b0d07867304e5da808
SHA1: 27a4866f67fbcd1fe6faab872d6e47fa77751226
SHA256: aa4ee6539dbe87923586173020c8b0e65f8eea6581d5ffed59ae27be7b1d6b01
SHA512: 83d2ab95ed7ac855c37ef4cfd86f089d06782138aa1bdae877827afe2a9b378b4ad8f19798e519bc42a363e236fe409e913fb40448c18d9732bbc4b968eb043a
SSDEEP: 49152:CdKfTn6vuJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnNtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: aa4ee6539dbe87923586173020c8b0e65f8eea6581d5ffed59ae27be7b1d6b01.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
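Two things in the extracted Vidar config are directly usable for detection: the Steam profile and Telegram channel URLs, which Vidar-family samples are known to fetch as dead-drop resolvers for their real C2 address, and the hard-coded User-Agent, which claims macOS Firefox 128 even though the sample was run on Windows 10 (see the behavioral task resource above). The following is an added example, not part of the sandbox report: a small Python checker that runs over proxy log lines and flags both indicators. The log format (`host os method url "user-agent"`) and the hostnames are constructed for the example; the URLs and User-Agent string are the ones from the config.

```python
"""Flag proxy-log requests matching the Vidar dead-drop IOCs from this report.

Added example; not code from the sandbox report or the malware.
Checks two indicators taken from the extracted config:
  1. requests to the dead-drop resolver URLs (Steam profile, Telegram channel);
  2. the hard-coded User-Agent, which claims macOS/Firefox 128. A Windows
     host sending that exact UA is an OS/UA mismatch and a strong signal.
The log format, hostnames and OS labels below are constructed (assumptions).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# IOCs taken from the extracted Vidar config in this report.
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199689717899",
    "https://t.me/copterwin",
}
VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
            "Gecko/20100101 Firefox/128.0")

# Constructed proxy-log format (assumption, not from the report):
#   <src_host> <src_os> <method> <url> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


@dataclass(frozen=True)
class Hit:
    host: str
    url: str
    reasons: Tuple[str, ...]


def _normalize(url: str) -> str:
    """Drop query string and trailing slash so minor URL variants still match."""
    return url.split("?", 1)[0].rstrip("/")


def check_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line matches any indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than crash the scan
    host, os_name, _method, url, ua = m.groups()
    reasons = []
    if _normalize(url) in DEAD_DROP_URLS:
        reasons.append("vidar-dead-drop-url")
    if ua == VIDAR_UA:
        reasons.append("vidar-user-agent")
        # The sample ran on Windows but presents a macOS UA; a real Mac
        # Firefox user produces the same UA legitimately, so only the
        # Windows + this-UA combination is treated as a mismatch.
        if os_name.lower().startswith("windows"):
            reasons.append("ua-os-mismatch")
    return Hit(host, url, tuple(reasons)) if reasons else None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run check_line over every log line and keep the hits, in order."""
    return [h for h in (check_line(line) for line in lines) if h]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    'ws-017 Windows10 GET https://steamcommunity.com/profiles/76561199689717899 '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"',
    'ws-017 Windows10 GET https://t.me/copterwin '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"',
    # A genuine macOS Firefox user browsing Steam: URL hit, but no OS mismatch.
    'mac-042 macOS14 GET https://steamcommunity.com/profiles/76561199689717899 '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"',
    # Benign Windows browsing.
    'ws-099 Windows10 GET https://example.com/ '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.host} -> {hit.url}: {', '.join(hit.reasons)}")
```

The URL match alone is low-fidelity (any Steam user can browse that profile), so an alert should key on the combination: dead-drop URL plus the exact UA, and especially the Windows-host mismatch, which is what separates the infected `ws-017` lines from the legitimate `mac-042` visit in the sample.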
Targets
Target: aa4ee6539dbe87923586173020c8b0e65f8eea6581d5ffed59ae27be7b1d6b01 (1.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
Detect Vidar Stealer
Downloads MZ/PE file
Executes dropped EXE
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Setting the context of a thread in another process is commonly the final step of process hollowing or injection: a process is started suspended, its memory is overwritten, and the thread's entry point is redirected to the injected code.