General
-
Target
97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3
-
Size
2.4MB
-
Sample
240607-ay768afe94
-
MD5
02325ca4f6fb7ff091e5d30801bd1e2e
-
SHA1
a06a1cbe512b254fc817c341d42cb6c005bd6744
-
SHA256
97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3
-
SHA512
83171abc87e0ac09a1c6f948e6452fd6978d862561452254453309459230e3cd94f178babbfc35a82c3e91fe9b2299d9408f9cc206080e50b22f86193ff2a37c
-
SSDEEP
49152:wQc81KnB/a/hNT/dtYa8aesY3Ot4N7G/:wDta/hNT/dtn0etD/
Static task
static1
Behavioral task
behavioral1
Sample
97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3.exe
Resource
win7-20240508-en
Malware Config
Extracted
stealc
Extracted
vidar
https://t.me/ta904ek
https://steamcommunity.com/profiles/76561199695752269
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3
-
Size
2.4MB
-
MD5
02325ca4f6fb7ff091e5d30801bd1e2e
-
SHA1
a06a1cbe512b254fc817c341d42cb6c005bd6744
-
SHA256
97fefa69d847bcddc37f1a622159c9028bc081572af48fd9489652ebace08bd3
-
SHA512
83171abc87e0ac09a1c6f948e6452fd6978d862561452254453309459230e3cd94f178babbfc35a82c3e91fe9b2299d9408f9cc206080e50b22f86193ff2a37c
-
SSDEEP
49152:wQc81KnB/a/hNT/dtYa8aesY3Ot4N7G/:wDta/hNT/dtn0etD/
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-