stealc | e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5
Size

14.1MB
Sample

240614-qbffpa1hrg
MD5

5d0b96b2f2610709f046780420ab2ccc
SHA1

9980ca77ad2e5eae32733c1d6df05f878e092e5a
SHA256

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5
SHA512

dae781d02638da51f353cc66b8cdd6d759e2987a21cc7f02baa432a94bc9c977426c61ffe0f06d1cfa60a3f8d0e10e16fe3ada78affe1c8921b52ac3a85889f8
SSDEEP

98304:yvMsbagKjC8xLKyAGN3W2+vVdL2uMXJsuLfMhj0+N0R/EKbMkZfmTUTAMs:MfK/eyAGN3UvVd0XJsOfMhjQRcKCdMs

Score

10^/10

stealc vidar spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5.exe

Resource

win10v2004-20240508-en

stealc vidar stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5.exe

Resource

win11-20240611-en

stealc vidar spyware stealer

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5
- Size
  
  14.1MB
- MD5
  
  5d0b96b2f2610709f046780420ab2ccc
- SHA1
  
  9980ca77ad2e5eae32733c1d6df05f878e092e5a
- SHA256
  
  e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5
- SHA512
  
  dae781d02638da51f353cc66b8cdd6d759e2987a21cc7f02baa432a94bc9c977426c61ffe0f06d1cfa60a3f8d0e10e16fe3ada78affe1c8921b52ac3a85889f8
- SSDEEP
  
  98304:yvMsbagKjC8xLKyAGN3W2+vVdL2uMXJsuLfMhj0+N0R/EKbMkZfmTUTAMs:MfK/eyAGN3UvVd0XJsOfMhjQRcKCdMs
Score

10^/10

stealc vidar stealer spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidarspywarestealer

© 2018-2024

Terms | Privacy