General
Target: Set-up_v25.6.exe
Size: 783.7MB
Sample: 240615-3trynazend
MD5: c5be22159dcc9229cec0c639cad9a475
SHA1: 9c0752bef3e137f4d222e52926efda7fe472bbc0
SHA256: 48530f667563a595c24f245c994484ca43c991cce4b77fd1dca8f7d486cbc389
SHA512: 5e9c2a4f7264471619eb4e522df0064289e6e92db53fb83d3d48a9ed69bc225ce54491dcf9ae8f12dbd58cd248b1253fcf3fa4479d1796187de98d05d0a54c56
SSDEEP: 196608:zt5BooB+Xac/OygqvMehWR//jqnlsyjgf+YE:VombygjK+/r++yj2

Static task: static1

Malware Config
Extracted: stealc
Targets
Target: Set-up_v25.6.exe (size and hashes as listed under General)
Signatures
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Event Triggered Execution (1): Change Default File Association (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
Privilege Escalation
- Event Triggered Execution (1): Change Default File Association (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)