stealc

General

Target

d51ffcf06dd50b2b76721970c389dde2.exe
Size

911KB
Sample

240611-w665saxamj
MD5

d51ffcf06dd50b2b76721970c389dde2
SHA1

2969c12eb142c1facd990f3db7050742f120d578
SHA256

09b478546bc4ae0d040069e275324a0a6b1d7b08b0ccd66ddf95d9e233c8618e
SHA512

d57755f4c8f6b88bb701f6e5d1ef2e4da4d7628773461e7a9829dddae6c627f931753a29a27639dd5c010d1bad8e3a745da435e9ab6b75d4a3f7f048d8c9c863
SSDEEP

24576:VfLwgdkd80aWoFinfbtihLBfcHL0kPO2yP9+RBQFiv:Bzkd1aWoghidBYvO

Score

10^/10

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://5.75.212.114

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 Ddg/17.4.1

Targets

- Target
  
  d51ffcf06dd50b2b76721970c389dde2.exe
- Size
  
  911KB
- MD5
  
  d51ffcf06dd50b2b76721970c389dde2
- SHA1
  
  2969c12eb142c1facd990f3db7050742f120d578
- SHA256
  
  09b478546bc4ae0d040069e275324a0a6b1d7b08b0ccd66ddf95d9e233c8618e
- SHA512
  
  d57755f4c8f6b88bb701f6e5d1ef2e4da4d7628773461e7a9829dddae6c627f931753a29a27639dd5c010d1bad8e3a745da435e9ab6b75d4a3f7f048d8c9c863
- SSDEEP
  
  24576:VfLwgdkd80aWoFinfbtihLBfcHL0kPO2yP9+RBQFiv:Bzkd1aWoghidBYvO
Score

10^/10

stealc vidar discovery execution spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Command and Scripting Interpreter: AutoIT

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2