stealc | 31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48
Size

2.4MB
Sample

240606-25njyadd2w
MD5

21687c2f0f47cde039c509a879a32d1b
SHA1

b986dcb5afbe3591ad3dc3d6bfbf4c7f7ea2f05b
SHA256

31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48
SHA512

c413ef475ff53ac2bf2cdd3262e83148c84499260879275c45e87cdae95a53770636f8c7b6d7af22ef6f30e524d986acaf1469baf5c82ae6719693599ab83537
SSDEEP

49152:wQc81KnB/a/hNT/d9Ya8aesY3Ot4N7G/:wDta/hNT/d9n0etD/

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48.exe

Resource

win7-20240221-en

stealc vidar discovery spyware stealer

windows7-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48.exe

Resource

win10-20240404-en

stealc vidar discovery spyware stealer

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

1
2910114286690104117195131148

Extracted

Family

vidar

C2

https://t.me/ta904ek

https://steamcommunity.com/profiles/76561199695752269

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

- Target
  
  31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48
- Size
  
  2.4MB
- MD5
  
  21687c2f0f47cde039c509a879a32d1b
- SHA1
  
  b986dcb5afbe3591ad3dc3d6bfbf4c7f7ea2f05b
- SHA256
  
  31180e8fc96abee8b0a38d49163a51ec0cef3ee1faea65426f5061c72a2e8f48
- SHA512
  
  c413ef475ff53ac2bf2cdd3262e83148c84499260879275c45e87cdae95a53770636f8c7b6d7af22ef6f30e524d986acaf1469baf5c82ae6719693599ab83537
- SSDEEP
  
  49152:wQc81KnB/a/hNT/d9Ya8aesY3Ot4N7G/:wDta/hNT/d9n0etD/
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.