General

  • Target

    c6fe30e16142b9b9dc6e2ba76c1210a2aa1948de35db44f1ebc1a13a31ef132f

  • Size

    2.5MB

  • Sample

    240607-x1bx5adc76

  • MD5

    0fba9b41cbbe08c38dcfa6f122fd91d3

  • SHA1

    41bcdc150a0573781f269e38444c776f8e7c1bbf

  • SHA256

    c6fe30e16142b9b9dc6e2ba76c1210a2aa1948de35db44f1ebc1a13a31ef132f

  • SHA512

    27daf17007a1c09dd393fb63713513e2d5204da4eb8a59eeaffb63c073e1766d7508e7334d73b750cad6b36331d577615361372d26c146d475165bcbd9df6898

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJhsEAQACR07Q3byRD8aXY658:ZcmmqvBUbHtrfAw07QLyLn

Malware Config

Extracted

  • Family

    stealc

  • rc4.plain

Extracted

  • Family

    vidar

  • C2

    https://t.me/r8z0l
    https://steamcommunity.com/profiles/76561199698764354

    (Both are public profile pages used as dead-drop resolvers: the stealer fetches the page and reads the address of the real C2 server out of the profile content, so these URLs are not the final C2 host.)

  • Attributes

    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
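The config above gives two public profile URLs rather than a direct C2 host, and a hard-coded user agent that claims to be Firefox 128 on macOS. That user agent is a stock browser string, so by itself it is not an indicator; the useful signal is a Windows host, or a non-browser process, fetching those resolver pages with it. The following Python is an added example, not part of the sandbox report, that scores constructed proxy-log lines on exactly that combination and also generalises the two URLs to any Telegram channel or Steam profile page. The pipe-delimited log format, the host_os field and the browser allowlist are assumptions.

```python
"""Added example: flag egress matching this sample's extracted Vidar config.

Not part of the sandbox report. The pipe-delimited proxy log format, the
host_os field and the browser allowlist are assumptions; the log lines are
constructed for the example.
"""
import re

# Dead-drop resolver URLs taken from the extracted config.
DEAD_DROP_URLS = {
    "https://t.me/r8z0l",
    "https://steamcommunity.com/profiles/76561199698764354",
}
# Hard-coded user agent from the extracted config. It is a stock Firefox 128
# on macOS string, so it only means something together with other signals.
CONFIG_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) "
             "Gecko/20100101 Firefox/128.0")
# Generalisation: any Telegram channel or Steam profile page fits the
# dead-drop pattern, not only the two URLs in this config.
DEAD_DROP_PATTERNS = (
    re.compile(r"^https?://t\.me/[A-Za-z0-9_]+/?$"),
    re.compile(r"^https?://steamcommunity\.com/profiles/\d+/?$"),
)
# Assumption: process basenames that legitimately fetch arbitrary web pages.
BROWSERS = {"firefox", "firefox.exe", "chrome.exe", "msedge.exe", "safari"}

# Constructed log, one record per line: ts|host|host_os|process|url|user_agent
SAMPLE_LOG = """\
2024-06-07T09:11:02Z|WS-0412|Windows|C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe|https://t.me/r8z0l|{ua}
2024-06-07T09:11:03Z|WS-0412|Windows|C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe|https://steamcommunity.com/profiles/76561199698764354|{ua}
2024-06-07T09:12:40Z|MAC-07|macOS|/Applications/Firefox.app/Contents/MacOS/firefox|https://steamcommunity.com/profiles/76561199698764354|{ua}
2024-06-07T09:13:10Z|WS-0412|Windows|C:\\Program Files\\Mozilla Firefox\\firefox.exe|https://example.com/|Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
""".format(ua=CONFIG_UA)


def ua_platform(ua):
    """Platform the user agent claims to run on, or None if unknown."""
    if "Macintosh" in ua:
        return "macOS"
    if "Windows NT" in ua:
        return "Windows"
    if "Linux" in ua or "X11" in ua:
        return "Linux"
    return None


def indicators(rec):
    """Return the list of indicator names that fire for one parsed record."""
    _ts, _host, host_os, process, url, ua = rec
    found = []
    if url in DEAD_DROP_URLS:
        found.append("dead_drop_url")
    elif any(p.match(url) for p in DEAD_DROP_PATTERNS):
        found.append("dead_drop_pattern")
    if ua == CONFIG_UA:
        found.append("config_ua")
    plat = ua_platform(ua)
    if plat and plat != host_os:
        found.append("ua_os_mismatch")
    proc = process.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if proc not in BROWSERS:
        found.append("non_browser_process")
    return found


def is_alert(found):
    """Resolver URL plus corroboration; the UA alone is a stock browser string."""
    resolver = "dead_drop_url" in found or "dead_drop_pattern" in found
    corroboration = "ua_os_mismatch" in found or "non_browser_process" in found
    return resolver and corroboration


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 5)
        if len(parts) != 6:
            continue  # malformed record, skip rather than crash
        records.append(tuple(parts))
    return records


def analyze(text):
    alerts = []
    for rec in parse_log(text):
        found = indicators(rec)
        if is_alert(found):
            alerts.append({"ts": rec[0], "host": rec[1], "process": rec[3],
                           "url": rec[4], "indicators": found})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The third constructed record is the false positive a UA-only rule would raise: a real macOS Firefox visiting the same Steam profile sends an identical user agent and is correctly left alone because neither corroborating signal fires.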

Targets

    • Target

      c6fe30e16142b9b9dc6e2ba76c1210a2aa1948de35db44f1ebc1a13a31ef132f


    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers typically harvest stored browser data such as saved credentials, cookies, session tokens and autofill entries, which is consistent with the Vidar and Stealc detections above.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to list the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is commonly used for process hollowing and similar injection: a process is started suspended, its image is replaced with attacker code and the thread's instruction pointer is redirected before it is resumed.
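Reads of the Uninstall key are not logged by Sysmon (its registry events cover create, delete, value set and rename), so detecting the software enumeration above needs object-access auditing (a SACL on the key, which produces Windows Security event 4663) or an EDR registry telemetry feed. The following Python is an added example, not part of the report, that runs over constructed 4663-shaped events and flags a process that reads many distinct Uninstall subkeys within a short window while not being a known software-inventory process. The allowlist, threshold and window are assumptions to tune per environment.

```python
"""Added example: detect bulk enumeration of the registry Uninstall key.

Not part of the sandbox report. Sysmon does not log registry reads, so the
input is shaped like Windows Security event 4663 (object access), which
requires a SACL on the key. Events are constructed; the allowlist, threshold
and window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches a per-product subkey under an Uninstall key in HKLM (native or
# WOW6432Node) or HKCU, in the \REGISTRY\MACHINE\... / \REGISTRY\USER\...
# form that event 4663 reports.
UNINSTALL_ENTRY_RE = re.compile(
    r"\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$",
    re.IGNORECASE,
)
# Assumption: processes expected to walk the whole Uninstall key legitimately.
ALLOWLIST = {"msiexec.exe", "explorer.exe", "systemsettings.exe", "ccmexec.exe"}
THRESHOLD = 5                    # distinct subkeys read ...
WINDOW = timedelta(seconds=10)   # ... within this window (both assumptions)

HKLM = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
HKLM32 = r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"


def _ev(ts, process, key):
    return {"ts": ts, "process": process, "object_name": key}


# Constructed events: the dropped EXE sweeps six entries in two seconds,
# msiexec does the same legitimately, a slow updater reads one entry every
# 30 s, and notepad touches a single entry plus an unrelated key.
SAMPLE_EVENTS = [
    _ev("2024-06-07T09:11:05", "setup.exe", HKLM + r"\{26A24AE4-039D-4CA4-87B4-2F32180181F0}"),
    _ev("2024-06-07T09:11:05", "setup.exe", HKLM + r"\7-Zip"),
    _ev("2024-06-07T09:11:06", "setup.exe", HKLM + r"\Google Chrome"),
    _ev("2024-06-07T09:11:06", "setup.exe", HKLM32 + r"\Mozilla Firefox 128.0 (x86 en-US)"),
    _ev("2024-06-07T09:11:07", "setup.exe", HKLM32 + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"),
    _ev("2024-06-07T09:11:07", "setup.exe", HKLM + r"\Notepad++"),
    *[_ev("2024-06-07T09:15:0%d" % i, "msiexec.exe", HKLM + r"\Product%d" % i) for i in range(6)],
    *[_ev("2024-06-07T09:%02d:%02d" % (20 + i // 2, 30 * (i % 2)), "updater.exe", HKLM + r"\Pkg%d" % i)
      for i in range(5)],
    _ev("2024-06-07T09:30:00", "notepad.exe", HKLM + r"\7-Zip"),
    _ev("2024-06-07T09:30:01", "notepad.exe", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def uninstall_entry(object_name):
    """Subkey name if object_name is a product entry under an Uninstall key."""
    m = UNINSTALL_ENTRY_RE.search(object_name)
    return m.group(1) if m else None


def detect(events):
    """Map process -> sorted distinct entries for the first window that trips THRESHOLD."""
    by_proc = defaultdict(list)
    for ev in events:
        entry = uninstall_entry(ev["object_name"])
        if entry is None or ev["process"].lower() in ALLOWLIST:
            continue
        by_proc[ev["process"]].append((datetime.fromisoformat(ev["ts"]), entry))

    alerts = {}
    for proc, hits in by_proc.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding window over sorted reads
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            distinct = {e for _, e in hits[start:end + 1]}
            if len(distinct) >= THRESHOLD:
                alerts[proc] = sorted(distinct)
                break
    return alerts


if __name__ == "__main__":
    for proc, entries in detect(SAMPLE_EVENTS).items():
        print(proc, entries)
```

The window matters more than the count: an inventory agent that polls a few entries per minute never accumulates THRESHOLD distinct reads inside ten seconds, while a stealer that enumerates the key in one pass does so immediately.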

MITRE ATT&CK Enterprise v15
