General
- Target: fbd2a08a6672670f45cc8c4630d3d2c287fd22b811a6394f75debb033e66d208
- Size: 1.9MB
- Sample: 240528-gmg9zshg57
- MD5: 6639489ca988a57a35186c9085c9c3e0
- SHA1: 28ec1bd89976bc427a39b72ab6e4573366a27047
- SHA256: fbd2a08a6672670f45cc8c4630d3d2c287fd22b811a6394f75debb033e66d208
- SHA512: bfff81e24864c3712157183252ef87df0a2b5d84d0ad355cff7b37d3c9e3d717169bea895f6f36a510147db5456e5e504ed08455bc66aaf50b39bb6102381922
- SSDEEP: 49152:CdKfTn6vmJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnVtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: fbd2a08a6672670f45cc8c4630d3d2c287fd22b811a6394f75debb033e66d208.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: stealc
Extracted: vidar
- https://steamcommunity.com/profiles/76561199689717899
- https://t.me/copterwin
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
- Target: fbd2a08a6672670f45cc8c4630d3d2c287fd22b811a6394f75debb033e66d208
- Size: 1.9MB
- MD5: 6639489ca988a57a35186c9085c9c3e0
- SHA1: 28ec1bd89976bc427a39b72ab6e4573366a27047
- SHA256: fbd2a08a6672670f45cc8c4630d3d2c287fd22b811a6394f75debb033e66d208
- SHA512: bfff81e24864c3712157183252ef87df0a2b5d84d0ad355cff7b37d3c9e3d717169bea895f6f36a510147db5456e5e504ed08455bc66aaf50b39bb6102381922
- SSDEEP: 49152:CdKfTn6vmJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnVtIuoITsdZ

- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext