General
Target: 4cca0a50e84e6968361ae0db074f411a9435c7c5db43b61bbfeff7f4a5cd7a8e
Size: 1.9MB
Sample: 240528-mc171age33
MD5: 2e07ae73fb32645cbfbd77502b4f3f40
SHA1: eb78a8ae3c81d67f5c797d17253232a75c719930
SHA256: 4cca0a50e84e6968361ae0db074f411a9435c7c5db43b61bbfeff7f4a5cd7a8e
SHA512: 49e619548542c0e7ec64bc944d98673ad50116875d28f12e256642204215abfe35167f5971e77d1f50fb84c23b4239e5de5b25b982a7ff5b2aff4d02539f4744
SSDEEP: 49152:CdKfTn6vmJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnVtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 4cca0a50e84e6968361ae0db074f411a9435c7c5db43b61bbfeff7f4a5cd7a8e.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 4cca0a50e84e6968361ae0db074f411a9435c7c5db43b61bbfeff7f4a5cd7a8e
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext