General

  • Target

    d087d92ef2ffbb0d2c84a5b2332eb79d09a9bba14a7bb380c3c18054f05bce44

  • Size

    2.5MB

  • Sample

    240607-v8s59sbe5x

  • MD5

    8366c2c25e079bf2826d5e170f244199

  • SHA1

    470b1cb175bf64fb9e70f91f8d0005dcb7c3ee62

  • SHA256

    d087d92ef2ffbb0d2c84a5b2332eb79d09a9bba14a7bb380c3c18054f05bce44

  • SHA512

    0445f0f4a2eadf620f1fb77440c94f6bd621c95b2906f293646a68c967488077dc9f6270bb3985029a40c06edbc8794e6df7e6b866df6c698fbb2bf3dbc26f0d

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJssEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtSfAw07QLyLn

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      d087d92ef2ffbb0d2c84a5b2332eb79d09a9bba14a7bb380c3c18054f05bce44

    • Size

      2.5MB

    • MD5

      8366c2c25e079bf2826d5e170f244199

    • SHA1

      470b1cb175bf64fb9e70f91f8d0005dcb7c3ee62

    • SHA256

      d087d92ef2ffbb0d2c84a5b2332eb79d09a9bba14a7bb380c3c18054f05bce44

    • SHA512

      0445f0f4a2eadf620f1fb77440c94f6bd621c95b2906f293646a68c967488077dc9f6270bb3985029a40c06edbc8794e6df7e6b866df6c698fbb2bf3dbc26f0d

    • SSDEEP

      49152:Zcm4081qpZBUbHEmJssEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtSfAw07QLyLn

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks