General

  • Target

    cc97d9cc124796d942921430b2659bbb27772a9836ae01716ad94ae2705a3464

  • Size

    2.9MB

  • Sample

    240606-3v9vvsfa27

  • MD5

    b52e2191dc8cdfc4529a76a757354d7d

  • SHA1

    143234a2ca0d732d143e28618408816bd196ff07

  • SHA256

    cc97d9cc124796d942921430b2659bbb27772a9836ae01716ad94ae2705a3464

  • SHA512

    42273d9bf44055fcd4455c710535dd1529af7c03dc7ec7716f9fe22fc7f2c8a7e862664b4878163e114ebbfed64c169cef91620e0cabfdc1021b6dd211a94f60

  • SSDEEP

    49152:rtpSxptE1AKnClMS4cdR/z4+UVi4e9Crn:r/4nE1dC6Kxx4e9Cb

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      cc97d9cc124796d942921430b2659bbb27772a9836ae01716ad94ae2705a3464


    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
