General
- Target: de5f6453be3771548a1bc5cc4d6f4c5cccb3bff0d0add68fbb5ec88d87d19637
- Size: 1.9MB
- Sample: 240528-kb9rmsdf23
- MD5: 94022b87c452877a8b3138fc5d2eadc3
- SHA1: c1dbed0339a01772fe8b4378370656812c49e69a
- SHA256: de5f6453be3771548a1bc5cc4d6f4c5cccb3bff0d0add68fbb5ec88d87d19637
- SHA512: ab2dda380fe8f1cbe6b396d838c4ceac6fa4f3eee7c9cba4f4d6c5aaefe74804c7b7be14c9a97acac7e28971d3de9ea64ec86429f10b21e2646d488ad8021638
- SSDEEP: 49152:CdKfTn6v+JtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTn1tIuoITsdZ

Static task: static1

Behavioral task: behavioral1
- Sample: de5f6453be3771548a1bc5cc4d6f4c5cccb3bff0d0add68fbb5ec88d87d19637.exe
- Resource: win10v2004-20240508-en

Malware Config
Extracted: stealc
Extracted: vidar
- https://steamcommunity.com/profiles/76561199689717899
- https://t.me/copterwin
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets
- Target: de5f6453be3771548a1bc5cc4d6f4c5cccb3bff0d0add68fbb5ec88d87d19637
- Size: 1.9MB
- MD5: 94022b87c452877a8b3138fc5d2eadc3
- SHA1: c1dbed0339a01772fe8b4378370656812c49e69a
- SHA256: de5f6453be3771548a1bc5cc4d6f4c5cccb3bff0d0add68fbb5ec88d87d19637
- SHA512: ab2dda380fe8f1cbe6b396d838c4ceac6fa4f3eee7c9cba4f4d6c5aaefe74804c7b7be14c9a97acac7e28971d3de9ea64ec86429f10b21e2646d488ad8021638
- SSDEEP: 49152:CdKfTn6v+JtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTn1tIuoITsdZ
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext