General

  • Target

    97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3

  • Size

    2.4MB

  • Sample

    240607-ay768afe94

  • MD5

    02325ca4f6fb7ff091e5d30801bd1e2e

  • SHA1

    a06a1cbe512b254fc817c341d42cb6c005bd6744

  • SHA256

    97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3

  • SHA512

    83171abc87e0ac09a1c6f948e6452fd6978d862561452254453309459230e3cd94f178babbfc35a82c3e91fe9b2299d9408f9cc206080e50b22f86193ff2a37c

  • SSDEEP

    49152:wQc81KnB/a/hNT/dtYa8aesY3Ot4N7G/:wDta/hNT/dtn0etD/

Malware Config

  • Extracted

    Family: stealc

    rc4.plain

  • Extracted

    Family: vidar

    C2:

      https://t.me/ta904ek

      https://steamcommunity.com/profiles/76561199695752269

    Attributes:

      user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks