General

  • Target

    b69558f58e7c1fa69f138ebe4ec2032273081577cef00b2a44f6cb92a93ffc85

  • Size

    2.5MB

  • Sample

    240607-t58acacb96

  • MD5

    10372ed10d43ff15ffc1ac35a633b9f0

  • SHA1

    49a50f3e916d27baf8af322d9dc0d4fcc386c3c8

  • SHA256

    b69558f58e7c1fa69f138ebe4ec2032273081577cef00b2a44f6cb92a93ffc85

  • SHA512

    2655f20b2077ca7c848da4e0fc98cc27557d92958ff813942336af6bb61a15b2e4497b1ea1b2b6285ab2c00b69ba89c5c792991ce8e1fd3cb6af620cea5d6a86

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJasEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtkfAw07QLyLn

Malware Config

  • Extracted

    Family: stealc

    rc4.plain

  • Extracted

    Family: vidar

    C2:

    https://t.me/r8z0l

    https://steamcommunity.com/profiles/76561199698764354

    Attributes:

    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      b69558f58e7c1fa69f138ebe4ec2032273081577cef00b2a44f6cb92a93ffc85

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks