General

  • Target

    1b54f5d8984264d22f0bdba041e694c9b9fcbb3a201c0d1c0e5acf5cca912825

  • Size

    2.4MB

  • Sample

    240601-wz9x4abf38

  • MD5

    fdfd4aea40056803e22092de63cd7c57

  • SHA1

    e89a8e6532b126804bc13e2d152f66e73d82e807

  • SHA256

    1b54f5d8984264d22f0bdba041e694c9b9fcbb3a201c0d1c0e5acf5cca912825

  • SHA512

    690ca2e6e240a5193409909614467f2c730aeca4c53bc2f64f56b84032c22a458a2761f57265bdc164776d65df14e38ff7adee076287caaeac8cd3e4e18ca56a

  • SSDEEP

    49152:wQc81KnB/a/hNT/dNYa8aesY3Ot4N7G/:wDta/hNT/dNn0etD/

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/ta904ek

https://steamcommunity.com/profiles/76561199695752269

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      1b54f5d8984264d22f0bdba041e694c9b9fcbb3a201c0d1c0e5acf5cca912825

    • Size

      2.4MB

    • MD5

      fdfd4aea40056803e22092de63cd7c57

    • SHA1

      e89a8e6532b126804bc13e2d152f66e73d82e807

    • SHA256

      1b54f5d8984264d22f0bdba041e694c9b9fcbb3a201c0d1c0e5acf5cca912825

    • SHA512

      690ca2e6e240a5193409909614467f2c730aeca4c53bc2f64f56b84032c22a458a2761f57265bdc164776d65df14e38ff7adee076287caaeac8cd3e4e18ca56a

    • SSDEEP

      49152:wQc81KnB/a/hNT/dNYa8aesY3Ot4N7G/:wDta/hNT/dNn0etD/

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks