General

  • Target

    5653c42b6617e7593e5f9efda27e035cc952036dfb6ef9b590a672b3a71600bf

  • Size

    2.4MB

  • Sample

    240606-3yy8jafa75

  • MD5

    3e46906272e0d3f4190680b7719f98ba

  • SHA1

    8779bd8042a80b0c8b731aa488e7cf5c1c71acba

  • SHA256

    5653c42b6617e7593e5f9efda27e035cc952036dfb6ef9b590a672b3a71600bf

  • SHA512

    67e1681b7ed56cc347927ce932d9a2e70f3fe9cf4e7cb3a3a17210ef1d3af31892a32dbbca8ea2e296425fd5a510f1719dc364497c0869adf77930dbcc8551fc

  • SSDEEP

    49152:wQc81KnB/a/hNT/dRYa8aesY3Ot4N7G/:wDta/hNT/dRn0etD/

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/ta904ek

https://steamcommunity.com/profiles/76561199695752269

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks