General
- Target: d10015cb022bf09a46bfc6236a6fe55e2fd2866fd7ce86e48e041ed09ebc3fe3
- Size: 1.6MB
- Sample: 240611-sr3bhasbqm
- MD5: cbd48df4b96e163d1e16f418ed26601c
- SHA1: d025c1cf2dba7abfe8cff3467f517fd06ba9b462
- SHA256: d10015cb022bf09a46bfc6236a6fe55e2fd2866fd7ce86e48e041ed09ebc3fe3
- SHA512: 25c232a843b3c603d10de1e84b5400311280a437ea255f09060b5bd3b52552fde8108e78afc3cb83e404d2ffbba49c9dafa92292ed04f64189e7e63974b46d28
- SSDEEP: 24576:spM5863IGfTAVpalBHUfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6BHUkxVVChjHZQs
Static task: static1
Behavioral task: behavioral1
- Sample: d10015cb022bf09a46bfc6236a6fe55e2fd2866fd7ce86e48e041ed09ebc3fe3.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
- https://t.me/r8z0l
- https://steamcommunity.com/profiles/76561199698764354
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
- Target: d10015cb022bf09a46bfc6236a6fe55e2fd2866fd7ce86e48e041ed09ebc3fe3
- Size: 1.6MB
- MD5: cbd48df4b96e163d1e16f418ed26601c
- SHA1: d025c1cf2dba7abfe8cff3467f517fd06ba9b462
- SHA256: d10015cb022bf09a46bfc6236a6fe55e2fd2866fd7ce86e48e041ed09ebc3fe3
- SHA512: 25c232a843b3c603d10de1e84b5400311280a437ea255f09060b5bd3b52552fde8108e78afc3cb83e404d2ffbba49c9dafa92292ed04f64189e7e63974b46d28
- SSDEEP: 24576:spM5863IGfTAVpalBHUfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6BHUkxVVChjHZQs
- Detect Vidar Stealer
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext