stealc | b512b0c4c6ef548033fbce2a8261e7e15796be715c5fdd57aa8ef6a67dd1a50d | Triage

Submit
Reports

Overview

overview

Static

static

3

2289656d0b...92.exe

windows7-x64

2289656d0b...92.exe

windows10-2004-x64

Sharing

General

Target

053e2d163701b05e0a365740b3acc67e.bin
Size

2.6MB
Sample

240615-bdmv8axcpm
MD5

c8dfb9029988bc5f5d1682f3640817fa
SHA1

6e1a8c40afd09161aeb6264f49ab40abb3b69f51
SHA256

b512b0c4c6ef548033fbce2a8261e7e15796be715c5fdd57aa8ef6a67dd1a50d
SHA512

619eac9456edcbf4bd8dacd61ce2b0dcff41489d22b53fc9504bf30911d8e3b1570664d4e73cc522d59f0af1a1a43f0931145d36a90c227c8d4aa798b8a5a5f2
SSDEEP

49152:3iZTMjH22ApivM7NNGKaGG+eF5sPiaSff5g94VDHq6ZlmUk2q+LP8LbWHowYTGlf:MTMy2SikxNGKaCeF5sa1ffuulmgq+roS

Score

10^/10

stealc vidar spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2289656d0b1515397a4b1a827382987140dd7c0f0305be61ae2e22b2a882b392.exe

Resource

win7-20240220-en

stealc vidar spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2289656d0b1515397a4b1a827382987140dd7c0f0305be61ae2e22b2a882b392.exe

Resource

win10v2004-20240508-en

stealc vidar stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  2289656d0b1515397a4b1a827382987140dd7c0f0305be61ae2e22b2a882b392.exe
- Size
  
  4.5MB
- MD5
  
  053e2d163701b05e0a365740b3acc67e
- SHA1
  
  aaf04301f284fb9a47a5e570cd830cfc2092f799
- SHA256
  
  2289656d0b1515397a4b1a827382987140dd7c0f0305be61ae2e22b2a882b392
- SHA512
  
  5fa197687df2084c6498fcfb7cccea98c8a195f3182889773d9fd6bcded33cd3d72ac72f62bbb40769bc9aa27f5625217258c4b98329caa45e26cfcad7331f2b
- SSDEEP
  
  98304:+qJcqsmdaTXUbGOJqd9tZ/qPLmpuREHrwRnC/eqJ/o:feqddazUbGPJiPLkqEHgyJ/
Score

10^/10

stealc vidar spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarspywarestealer

behavioral2

stealcvidarstealer

© 2018-2024

Terms | Privacy