General
Target: 18139aec31967373c65a25400649bfd85f8eae4bb9cffdb9ed8e1a9c1f257fd5
Size: 2.6MB
Sample: 240528-n68plscd56
MD5: 845e7101c77693f1640876c8c3a7a449
SHA1: e60c85a56203a59701df6c3d14d7bd5c574994ef
SHA256: 18139aec31967373c65a25400649bfd85f8eae4bb9cffdb9ed8e1a9c1f257fd5
SHA512: fa1b6fdc4f1126c88f47c977d06d253cb984e84877404ac74b34a8b294e422ce0810104d2c58e23ce0048339282f95668a4a6e027cac3aa237ced16c37086f22
SSDEEP: 49152:XQzIzMiqCNwFJtTF+TxMoxc1TU+j+dAzGwlrh:XY598AtIuoITsdZ
Static task: static1
Behavioral task: behavioral1
Sample: 18139aec31967373c65a25400649bfd85f8eae4bb9cffdb9ed8e1a9c1f257fd5.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: stealc
Extracted: vidar
https://steamcommunity.com/profiles/76561199689717899
https://t.me/copterwin
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 18139aec31967373c65a25400649bfd85f8eae4bb9cffdb9ed8e1a9c1f257fd5 (2.6MB; hashes as listed under General)
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext