General
-
Target
9bf80be029877c60ba78b87b17458e8a48ae4b0b95af8d8fe4a163fd79781dfd
-
Size
2.6MB
-
Sample
240528-mxwg9ahb88
-
MD5
c3a2d04b9541e79e07c3f21a140109bb
-
SHA1
cd260020a4b6abc7a1df0889ea2d57b14fbf4032
-
SHA256
9bf80be029877c60ba78b87b17458e8a48ae4b0b95af8d8fe4a163fd79781dfd
-
SHA512
33e33e2a3ce5c5a34fe96f42b7a100c4e5afb5094fee42e24dd41500d4f7bf3fd3fcdf08d6357d5187c49bd8d635657499005b9924199e93ecd0d974a2e7a8db
-
SSDEEP
49152:XQzIzMiqCNw3JtTF+TxMoxc1TU+j+dAzGwlrh:XY598KtIuoITsdZ
Malware Config
Extracted
stealc
Extracted
vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
9bf80be029877c60ba78b87b17458e8a48ae4b0b95af8d8fe4a163fd79781dfd
-
Size
2.6MB
-
MD5
c3a2d04b9541e79e07c3f21a140109bb
-
SHA1
cd260020a4b6abc7a1df0889ea2d57b14fbf4032
-
SHA256
9bf80be029877c60ba78b87b17458e8a48ae4b0b95af8d8fe4a163fd79781dfd
-
SHA512
33e33e2a3ce5c5a34fe96f42b7a100c4e5afb5094fee42e24dd41500d4f7bf3fd3fcdf08d6357d5187c49bd8d635657499005b9924199e93ecd0d974a2e7a8db
-
SSDEEP
49152:XQzIzMiqCNw3JtTF+TxMoxc1TU+j+dAzGwlrh:XY598KtIuoITsdZ
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-