General

  • Target

    afa71166b1b9191bf7bf1ed1893e12716ebceb12b1f6e9e6ca4fa863b7721aac

  • Size

    2.5MB

  • Sample

    240607-qh6apagf5v

  • MD5

    b018704010cd319a3ecbdd5466598775

  • SHA1

    ddf559e8a81e1a790fb26378772594387a4373b0

  • SHA256

    afa71166b1b9191bf7bf1ed1893e12716ebceb12b1f6e9e6ca4fa863b7721aac

  • SHA512

    6027e1e53639a5c4f48906795e216c249d07c908538cbdeb1656d38efc6696ddb9ae1c29f0984359124a647474252a4f9b633962a15c4697ae7dc0760cb0c307

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJasEAQACR07Q3byRD8aXY658:ZcmmqvBUbHt4fAw07QLyLn

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks