General

  • Target

    dc2970e2c39ac27cfe600381e3868cc6b8192b43de675ecc9c3c73c185a9104a

  • Size

    2.5MB

  • Sample

    240607-sdb76aab2x

  • MD5

    bd3d8ab731e2edaee4c1d924ba9466c7

  • SHA1

    d972301100c45f61b82704de1ae800480bcc1d8b

  • SHA256

    dc2970e2c39ac27cfe600381e3868cc6b8192b43de675ecc9c3c73c185a9104a

  • SHA512

    1e6b2701b91ed0b9a50eca9b767d93cc411e2bc9837437d59f99f2c1b457a22a9268ba1ea0086b218b8f86e961ff87a605cd8d30f696010549a3110b9161f78a

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJSsEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtQfAw07QLyLn

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks