General
-
Target
9ca343c32647472096ccee51bf13264ae7cd8bb5fac174673657ecd9c752f6b6
-
Size
1.6MB
-
Sample
240611-thlststajr
-
MD5
16b72aa05d1f22d6203589185c412b57
-
SHA1
b9dff91c70367de92fb17ad27cb7f173729d94c6
-
SHA256
9ca343c32647472096ccee51bf13264ae7cd8bb5fac174673657ecd9c752f6b6
-
SHA512
643bdf9c22d1cc57826e8ed92328e884e8dd8458281df0fbd36aa49632556ba31ef2b0f3f37b9ff3fc7e145674caf6f2e378634a75d6efb35731223ffb3039cd
-
SSDEEP
24576:spM5863IGfTAVpalB2UfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6B2UkxVVChjHZQs
Malware Config
Extracted
stealc
Extracted
vidar
https://t.me/r8z0l
https://steamcommunity.com/profiles/76561199698764354
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Targets
-
-
Target
9ca343c32647472096ccee51bf13264ae7cd8bb5fac174673657ecd9c752f6b6
-
Size
1.6MB
-
MD5
16b72aa05d1f22d6203589185c412b57
-
SHA1
b9dff91c70367de92fb17ad27cb7f173729d94c6
-
SHA256
9ca343c32647472096ccee51bf13264ae7cd8bb5fac174673657ecd9c752f6b6
-
SHA512
643bdf9c22d1cc57826e8ed92328e884e8dd8458281df0fbd36aa49632556ba31ef2b0f3f37b9ff3fc7e145674caf6f2e378634a75d6efb35731223ffb3039cd
-
SSDEEP
24576:spM5863IGfTAVpalB2UfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6B2UkxVVChjHZQs
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-