General

  • Target

    0cd6eba7b6dbeefd4572be0ae903518e95b306fd087ffd6077b7ed316d074af8

  • Size

    2.6MB

  • Sample

    240528-temwqacb74

  • MD5

    61228de41df39ca9790f61e26d645e46

  • SHA1

    eb010f8b6d3ba0456b2285f8cde62aaf7f8debfc

  • SHA256

    0cd6eba7b6dbeefd4572be0ae903518e95b306fd087ffd6077b7ed316d074af8

  • SHA512

    cfcfc021264f47fbbbed7a2d02cb06e39c89b9c641e7de658ed43556529aa52fa3b4c9b91fef4b201764e02c334bdbed97f2c8a46dd88f014b337a89aaa0a25e

  • SSDEEP

    49152:XQzIzMiqCNwzJtTF+TxMoxc1TU+j+dAzGwlrh:XY598GtIuoITsdZ

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199689717899

https://t.me/copterwin

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      0cd6eba7b6dbeefd4572be0ae903518e95b306fd087ffd6077b7ed316d074af8

    • Size

      2.6MB

    • MD5

      61228de41df39ca9790f61e26d645e46

    • SHA1

      eb010f8b6d3ba0456b2285f8cde62aaf7f8debfc

    • SHA256

      0cd6eba7b6dbeefd4572be0ae903518e95b306fd087ffd6077b7ed316d074af8

    • SHA512

      cfcfc021264f47fbbbed7a2d02cb06e39c89b9c641e7de658ed43556529aa52fa3b4c9b91fef4b201764e02c334bdbed97f2c8a46dd88f014b337a89aaa0a25e

    • SSDEEP

      49152:XQzIzMiqCNwzJtTF+TxMoxc1TU+j+dAzGwlrh:XY598GtIuoITsdZ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks