stealc | c8d9edbb928cd7fe9d1ed38aed464b39195cfcd687d4d87164edbd465c8ffd46 | Triage

Submit
Reports

Overview

overview

Static

static

1

#Active_Se...up.exe

windows7-x64

#Active_Se...up.exe

windows10-2004-x64

#Active_Se...up.exe

windows11-21h2-x64

Sharing

General

Target

#Active_Setup_2233_P@ssWord#.zip
Size

14.8MB
Sample

240614-wg7p1svbjq
MD5

9411ae58b6d0c093073de5298dc3a63c
SHA1

fcfba5b0593769f5a545d7284ae5db54d3f9255e
SHA256

c8d9edbb928cd7fe9d1ed38aed464b39195cfcd687d4d87164edbd465c8ffd46
SHA512

d2ba000c596170efcc35151e4cea173f674ada53bfc86376767f8ba6d8bb09adac6067cb04f48cbc055bde795b2f85faf325d93bda9ef9bfbbe83083817e4e6e
SSDEEP

393216:GdPUs09wbsbAXGhOJlcVPpPQDOfOMLSUZ8c:d57boi86BYmNCc

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

#Active_Setup_2233_P@ssWord#/Setup.exe

Resource

win7-20240220-en

stealc vidar stealer

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

#Active_Setup_2233_P@ssWord#/Setup.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Behavioral task

behavioral3

Sample

#Active_Setup_2233_P@ssWord#/Setup.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  #Active_Setup_2233_P@ssWord#/Setup.exe
- Size
  
  316KB
- MD5
  
  c637e5ecf625b72f4bef9d28cd81d612
- SHA1
  
  a2c1329d290e508ee9fd0eb81e7f25d57e450f8c
- SHA256
  
  111c56593668be63e1e0c79a2d33d9e2d49cdf0c5100663c72045bc6b76e9fe6
- SHA512
  
  727d78bab4fab3674eec92ca5f07df6a0095ab3b973dd227c599c70e8493592bb53bb9208cc6270713283ef0065acfad3203ddcf4dcb6d43f8727f09ceaaf2e4
- SSDEEP
  
  6144:VzsRSKkhKKXDD2mTLGxelHJ+SBae3VFpSX:6VkhZWEGxelH0SBtfpS
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidardiscoveryspywarestealer

behavioral3

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy