General
-
Target
0b482e2ab1e7617208c8c1efb813fa9068ffef7e6838a4e3480306556a9a8360
-
Size
2.4MB
-
Sample
240610-fz9dkadc64
-
MD5
783e39299c7629c4f388b029645e558c
-
SHA1
8c381c89c48665c907ebb53302d598f671f26901
-
SHA256
0b482e2ab1e7617208c8c1efb813fa9068ffef7e6838a4e3480306556a9a8360
-
SHA512
9dcb071810a55807dae7a1c594be5e6e206f63abcf62d521e1a27770e5ac5abdfed3e1498122e4b2de3ff49f29bf81069b29827b71ec82e8748f98fa43ae31c5
-
SSDEEP
49152:bRynbaHbGJeBwbxc3C4BVEIamvPurzsuvRUwca8OxzTYMeGusZk81bbaonFo:NynbaWeBw1HIEIameviwcaBosTZ5iZ
Behavioral task
behavioral1
Sample
0b482e2ab1e7617208c8c1efb813fa9068ffef7e6838a4e3480306556a9a8360.exe
Resource
win7-20240215-en
Malware Config
Extracted
stealc
Extracted
vidar
https://t.me/r8z0l
https://steamcommunity.com/profiles/76561199698764354
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
0b482e2ab1e7617208c8c1efb813fa9068ffef7e6838a4e3480306556a9a8360
-
Size
2.4MB
-
MD5
783e39299c7629c4f388b029645e558c
-
SHA1
8c381c89c48665c907ebb53302d598f671f26901
-
SHA256
0b482e2ab1e7617208c8c1efb813fa9068ffef7e6838a4e3480306556a9a8360
-
SHA512
9dcb071810a55807dae7a1c594be5e6e206f63abcf62d521e1a27770e5ac5abdfed3e1498122e4b2de3ff49f29bf81069b29827b71ec82e8748f98fa43ae31c5
-
SSDEEP
49152:bRynbaHbGJeBwbxc3C4BVEIamvPurzsuvRUwca8OxzTYMeGusZk81bbaonFo:NynbaWeBw1HIEIameviwcaBosTZ5iZ
-
Detect Vidar Stealer
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-