General

  • Target

    85e5efee9dbe286dc1a846145bfc85c925c4a51559d3d1e951fe5464314ce856

  • Size

    2.4MB

  • Sample

    240603-fvgsradh33

  • MD5

    5101374409cf1e5f70fa1ff02e6b63e1

  • SHA1

    134dcce57146738dc0ad796327bd7b4cd6441684

  • SHA256

    85e5efee9dbe286dc1a846145bfc85c925c4a51559d3d1e951fe5464314ce856

  • SHA512

    29bd46d7cdb4eb1295d40471c035c737abc3f57fdf3785e8dc7eddcd4fd5ce5dbebaeae109bece2bebc8e03fe53f2889ec47e053cfd4ea1e8b704862a73369f3

  • SSDEEP

    49152:wQc81KnB/a/hNT/dlYa8aesY3Ot4N7G/:wDta/hNT/dln0etD/

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/ta904ek

https://steamcommunity.com/profiles/76561199695752269

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      85e5efee9dbe286dc1a846145bfc85c925c4a51559d3d1e951fe5464314ce856

    • Size

      2.4MB

    • MD5

      5101374409cf1e5f70fa1ff02e6b63e1

    • SHA1

      134dcce57146738dc0ad796327bd7b4cd6441684

    • SHA256

      85e5efee9dbe286dc1a846145bfc85c925c4a51559d3d1e951fe5464314ce856

    • SHA512

      29bd46d7cdb4eb1295d40471c035c737abc3f57fdf3785e8dc7eddcd4fd5ce5dbebaeae109bece2bebc8e03fe53f2889ec47e053cfd4ea1e8b704862a73369f3

    • SSDEEP

      49152:wQc81KnB/a/hNT/dlYa8aesY3Ot4N7G/:wDta/hNT/dln0etD/

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks