stealc | ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df | Triage

Submit
Reports

Overview

overview

Static

static

3

ebf0a2b485...df.exe

windows7-x64

ebf0a2b485...df.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df.exe
Size

2.0MB
Sample

240605-sw2wjabf44
MD5

94f7884d2a4d8fc6a186e41debc75e4c
SHA1

56f351ed1b5d39c4e78dd0062025bb3440ef5161
SHA256

ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df
SHA512

04775100a00314d0acffa74da756875992b24d9d3823bf1ccd1fe308567dbeab989752d739476b9b637df780abea25335d6e544c55eed7a1e5fdd6a601b8372e
SSDEEP

49152:IFno/jfIJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jAtIuoITsdZT

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df.exe

Resource

win7-20240508-en

stealc vidar discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df.exe

Resource

win10v2004-20240426-en

stealc vidar stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199686524322

https://t.me/k0mono

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 Ddg/17.4.1

Targets

- Target
  
  ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df.exe
- Size
  
  2.0MB
- MD5
  
  94f7884d2a4d8fc6a186e41debc75e4c
- SHA1
  
  56f351ed1b5d39c4e78dd0062025bb3440ef5161
- SHA256
  
  ebf0a2b48504013795a31526b914c09d1c84e5bbc9638c4a5e6f8cd1c02d18df
- SHA512
  
  04775100a00314d0acffa74da756875992b24d9d3823bf1ccd1fe308567dbeab989752d739476b9b637df780abea25335d6e544c55eed7a1e5fdd6a601b8372e
- SSDEEP
  
  49152:IFno/jfIJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jAtIuoITsdZT
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidarstealer

© 2018-2025

Terms | Privacy