General
Target: 6c04b7572d6d4a88438ce7ed6d125617d4806df08ad0eebc209ff66f6eb246a7
Size: 3.6MB
Sample: 240607-ae1ysseb3w
MD5: f0539dbfa8b31d98080839edb97581d2
SHA1: a129d7abe1622f76999a97b3ba33696d9806b36c
SHA256: 6c04b7572d6d4a88438ce7ed6d125617d4806df08ad0eebc209ff66f6eb246a7
SHA512: 14c58f822db562adebbf7fa6b24584aab7088d5e9ab7fc108fd27478844133c3fda7a5e254a0dc815a6533a1f754760384d38f86623a0dee60f16d6c70bf1b1e
SSDEEP: 49152:Nmrx7qpujWKPt9m7B4Feydua3ljovhWKCGjYRiainBn8gK7oY:Nmrx7qpuXPtnjEhWR4hB3
Static task: static1
Behavioral task: behavioral1
Sample: 6c04b7572d6d4a88438ce7ed6d125617d4806df08ad0eebc209ff66f6eb246a7.exe
Resource: win7-20231129-en
Malware Config
Extracted: stealc
Extracted: vidar
- https://88.99.127.107
- https://t.me/r8z0l
- https://steamcommunity.com/profiles/76561199698764354
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
Target: 6c04b7572d6d4a88438ce7ed6d125617d4806df08ad0eebc209ff66f6eb246a7
- Detect Vidar Stealer
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext