General

  • Target

    5a25a1e8bae7e4e2a9a4f3ba899d823961d80255baeae3759837ad134f3c8d23

  • Size

    1.8MB

  • Sample

    240606-3zmk5afa95

  • MD5

    b3a1060d395fac9543cac5a9c5be138d

  • SHA1

    974d2d38d4189ff21c30cbde7a2c30e311fd42b9

  • SHA256

    5a25a1e8bae7e4e2a9a4f3ba899d823961d80255baeae3759837ad134f3c8d23

  • SHA512

    b34e7d7ec333dbb06154ad70917a425e5ecd90847b2c1f385914e56369ca658d12c639f6d6d5489c7bc738bc90268169b9b59ea2d9e3428b35263714588e7535

  • SSDEEP

    24576:l6z6AnPq5iak02HkjYaOV+rEfv0xwT3zxNOt4XigDSCuptNIeUaKUqm1zE:wer5l4kjYa8aesY3Ot4N7G/IeUAtK

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      5a25a1e8bae7e4e2a9a4f3ba899d823961d80255baeae3759837ad134f3c8d23

    • Size

      1.8MB

    • MD5

      b3a1060d395fac9543cac5a9c5be138d

    • SHA1

      974d2d38d4189ff21c30cbde7a2c30e311fd42b9

    • SHA256

      5a25a1e8bae7e4e2a9a4f3ba899d823961d80255baeae3759837ad134f3c8d23

    • SHA512

      b34e7d7ec333dbb06154ad70917a425e5ecd90847b2c1f385914e56369ca658d12c639f6d6d5489c7bc738bc90268169b9b59ea2d9e3428b35263714588e7535

    • SSDEEP

      24576:l6z6AnPq5iak02HkjYaOV+rEfv0xwT3zxNOt4XigDSCuptNIeUaKUqm1zE:wer5l4kjYa8aesY3Ot4N7G/IeUAtK

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks