General

  • Target

    add786485fc8675163fb20e77a908a73fb70f80bc1661cf88dcbf0b73c97fda4

  • Size

    2.5MB

  • Sample

    240607-xt1ynscc6t

  • MD5

    edfd6b0c78793604ed5dedf06ae4869b

  • SHA1

    d38e9613b721816464ccc9335dbf86c36bdd3dda

  • SHA256

    add786485fc8675163fb20e77a908a73fb70f80bc1661cf88dcbf0b73c97fda4

  • SHA512

    908e683bd40abe98edc60b3a7becb3bbdd8d16b705c9c16011ee5931eebbb96150ba5c6f5d9d76f1bf7ea4028859d47176f2bb63873ab6c1ea3081876a6e481e

  • SSDEEP

    49152:Zcm4081qpZBUbHEmJusEAQACR07Q3byRD8aXY658:ZcmmqvBUbHt4fAw07QLyLn

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

    • Target

      add786485fc8675163fb20e77a908a73fb70f80bc1661cf88dcbf0b73c97fda4

    • Size

      2.5MB

    • MD5

      edfd6b0c78793604ed5dedf06ae4869b

    • SHA1

      d38e9613b721816464ccc9335dbf86c36bdd3dda

    • SHA256

      add786485fc8675163fb20e77a908a73fb70f80bc1661cf88dcbf0b73c97fda4

    • SHA512

      908e683bd40abe98edc60b3a7becb3bbdd8d16b705c9c16011ee5931eebbb96150ba5c6f5d9d76f1bf7ea4028859d47176f2bb63873ab6c1ea3081876a6e481e

    • SSDEEP

      49152:Zcm4081qpZBUbHEmJusEAQACR07Q3byRD8aXY658:ZcmmqvBUbHt4fAw07QLyLn

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
