stealc | 3a0daf8770924f4f9f75a66faf1237e239c83fc96d9c87b1b0dd051ddd612a78 | Triage

Submit
Reports

Overview

overview

Static

static

1

46514a8162...cb.exe

windows7-x64

7

46514a8162...cb.exe

windows10-2004-x64

Sharing

General

Target

3a0daf8770924f4f9f75a66faf1237e239c83fc96d9c87b1b0dd051ddd612a78
Size

9.3MB
Sample

240604-glnqdafc6v
MD5

9f57284f2753c9f00992278506782f9e
SHA1

d2fa6096a2c792ed86e369aa2d580934306569b7
SHA256

3a0daf8770924f4f9f75a66faf1237e239c83fc96d9c87b1b0dd051ddd612a78
SHA512

e8fbe2e18f5e6896346f07c9225596f7b2d828025f648dd78f8a53d73327e94e9a41a9c815494f94973eb03b6a378429b6686de01ff7131788d360f4ba55d9ca
SSDEEP

196608:R4MSWTcvzuKGGFqnGX//meyDoylj218IdfGgL1ELhvqCfMP:CWTcvKnGFqKWeyDoylWbxVELAUMP

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

46514a81626d3c58a48f0bdd17c9bdb2352004ae4ab79af1ca50ff285bcb68cb.exe

Resource

win7-20240220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

46514a81626d3c58a48f0bdd17c9bdb2352004ae4ab79af1ca50ff285bcb68cb.exe

Resource

win10v2004-20240426-en

stealc vidar discovery spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  46514a81626d3c58a48f0bdd17c9bdb2352004ae4ab79af1ca50ff285bcb68cb.exe
- Size
  
  9.9MB
- MD5
  
  711e1fcfc587eee41a187abd9091bfea
- SHA1
  
  cb1e234580935af2f597d9e667f8d2599368abe3
- SHA256
  
  46514a81626d3c58a48f0bdd17c9bdb2352004ae4ab79af1ca50ff285bcb68cb
- SHA512
  
  bb0f540acf5e0e9f5044e3c2868f8aec88199ae5e9007a6df2a904a60b33079cd4d94e66ff195b898c6fe0d91075fb77a789a5e64769b6b4cba81232dc91fdb5
- SSDEEP
  
  196608:tYohctfEFaaf+vApItM1rf/c3y+OykakmBaREv12zsE1EyamEVgwNzYtdeu8T:tYictfEFv+vHC1b/cXcyGE92h1om3oYS
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy