General
- Target: 43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de.exe
- Size: 779KB
- Sample: 240604-bp8l3agh95
- MD5: b8c16305e86cd0c9e66bf9a26bed97c7
- SHA1: 451b83ee2758b91aabf7f0367241d636b6c1d6f5
- SHA256: 43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de
- SHA512: b1d9548fc78fb8626d7e081d2ded7d86743e4f9136b3314315a5afa096e33858d43d7b9d775a623f7733809b0f06b748033518e9c3ac14a190aff5e71ac6ae9b
- SSDEEP: 24576:uky1kNvBHoB+vinRETPD1qL63JnPPX8YpYFLxwuXt:uV1klBHoEURETPD1qL63fYN
Static task: static1
Behavioral task: behavioral1
- Sample: 43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de.exe
- Resource: win7-20240508-en
Malware Config
- Extracted: stealc
- Extracted: vidar
  - https://steamcommunity.com/profiles/76561199689717899
  - https://t.me/copterwin
Targets
- Target: 43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de.exe
- Size: 779KB
- MD5: b8c16305e86cd0c9e66bf9a26bed97c7
- SHA1: 451b83ee2758b91aabf7f0367241d636b6c1d6f5
- SHA256: 43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de
- SHA512: b1d9548fc78fb8626d7e081d2ded7d86743e4f9136b3314315a5afa096e33858d43d7b9d775a623f7733809b0f06b748033518e9c3ac14a190aff5e71ac6ae9b
- SSDEEP: 24576:uky1kNvBHoB+vinRETPD1qL63JnPPX8YpYFLxwuXt:uV1klBHoEURETPD1qL63fYN
- Detect Vidar Stealer
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger