General
-
Target
fc16fb413e724e1062fa1834242b4e401a205f4e670e8160dea6009817504ef1
-
Size
2.5MB
-
Sample
240607-2xx4eaef92
-
MD5
6853c792f9e49611166fad1423170e3a
-
SHA1
f1ac017f194323b45c623f15d9f8e7177b8693f5
-
SHA256
fc16fb413e724e1062fa1834242b4e401a205f4e670e8160dea6009817504ef1
-
SHA512
1f5c7a1fee8d64a0bc24d58249a4b73d30b87d24932c9340c5650c5417df0a78839d1aa3695bdf05845b76e2ad6271117736d47f95ea28b202ba05a810ad4148
-
SSDEEP
49152:Zcm4081qpZBUbHEmJtsEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtDfAw07QLyLn
Static task
static1
Behavioral task
behavioral1
Sample
fc16fb413e724e1062fa1834242b4e401a205f4e670e8160dea6009817504ef1.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
stealc
Extracted
vidar
https://t.me/r8z0l
https://steamcommunity.com/profiles/76561199698764354
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
fc16fb413e724e1062fa1834242b4e401a205f4e670e8160dea6009817504ef1
-
Size
2.5MB
-
MD5
6853c792f9e49611166fad1423170e3a
-
SHA1
f1ac017f194323b45c623f15d9f8e7177b8693f5
-
SHA256
fc16fb413e724e1062fa1834242b4e401a205f4e670e8160dea6009817504ef1
-
SHA512
1f5c7a1fee8d64a0bc24d58249a4b73d30b87d24932c9340c5650c5417df0a78839d1aa3695bdf05845b76e2ad6271117736d47f95ea28b202ba05a810ad4148
-
SSDEEP
49152:Zcm4081qpZBUbHEmJtsEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtDfAw07QLyLn
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-