General
- Target: #Active_Setup_2233_P@ssWord#.zip
- Size: 14.8MB
- Sample: 240614-wg7p1svbjq
- MD5: 9411ae58b6d0c093073de5298dc3a63c
- SHA1: fcfba5b0593769f5a545d7284ae5db54d3f9255e
- SHA256: c8d9edbb928cd7fe9d1ed38aed464b39195cfcd687d4d87164edbd465c8ffd46
- SHA512: d2ba000c596170efcc35151e4cea173f674ada53bfc86376767f8ba6d8bb09adac6067cb04f48cbc055bde795b2f85faf325d93bda9ef9bfbbe83083817e4e6e
- SSDEEP: 393216:GdPUs09wbsbAXGhOJlcVPpPQDOfOMLSUZ8c:d57boi86BYmNCc
Static task: static1

Behavioral task: behavioral1
- Sample: #Active_Setup_2233_P@ssWord#/Setup.exe
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: #Active_Setup_2233_P@ssWord#/Setup.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: stealc
Targets
- Target: #Active_Setup_2233_P@ssWord#/Setup.exe
- Size: 316KB
- MD5: c637e5ecf625b72f4bef9d28cd81d612
- SHA1: a2c1329d290e508ee9fd0eb81e7f25d57e450f8c
- SHA256: 111c56593668be63e1e0c79a2d33d9e2d49cdf0c5100663c72045bc6b76e9fe6
- SHA512: 727d78bab4fab3674eec92ca5f07df6a0095ab3b973dd227c599c70e8493592bb53bb9208cc6270713283ef0065acfad3203ddcf4dcb6d43f8727f09ceaaf2e4
- SSDEEP: 6144:VzsRSKkhKKXDD2mTLGxelHJ+SBae3VFpSX:6VkhZWEGxelH0SBtfpS
Signatures
- Detect Vidar Stealer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext