stealc

Sharing

Copy URL

Twitter E-mail

General

Target

25cbba8cb4b96c8b9e6c8490c2460eb8fecb3b6dd4eb8fc2a06392cb018dda5b.zip
Size

14.0MB
Sample

240615-bmwjqaterf
MD5

c5beb2107b1c858ace78ea6ce60ba131
SHA1

7d9fab73d76f00933107d8dc680aa6d1de053538
SHA256

25cbba8cb4b96c8b9e6c8490c2460eb8fecb3b6dd4eb8fc2a06392cb018dda5b
SHA512

307604092c9574fcaaf134def38e815de50d48835c5167086fdab5963a6e195633bcb59b667f102f02be01192984a975a2691897c3bbc2be855d036c5a7b1e47
SSDEEP

393216:qzEczUdMmVDBOxcEE/S17dGzzSlnsmLbIzNkqo6Wu+9Tq:qgczU2mVDEy7egzzSlnsSICU7Mq

Score

10^/10

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/Qt5Core.dll
- Size
  
  6.0MB
- MD5
  
  1ccc90e7aac237b45a75292bc9145cb9
- SHA1
  
  738c89f4cc688efc84e24994f4dc077cc77342fe
- SHA256
  
  2e33fe29145a2f13dcb56635eb292f6c25c116e1e14fa081eb728ee04071ae25
- SHA512
  
  89ab2b82c1d93a22c63eb3f09344bdd66a8b7decfd106f223c8f17ac7953fdf2d89b35d9cd1452239f3df131c03f2bc059471aa261b57ccca1174ee6d26662fc
- SSDEEP
  
  98304:WE5jJSnL0VxTVnycJsv6tWKFdu9Cs/CzYnxqfTgw:WE5NSn0xscJsv6tWKFdu9CMkexqfTF
Score

1^/10
behavioral1 behavioral2
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/Qt5Network.dll
- Size
  
  1.3MB
- MD5
  
  c24c89879410889df656e3a961c59bcc
- SHA1
  
  25a9e4e545e86b0a5fe14ee0147746667892fabd
- SHA256
  
  739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e
- SHA512
  
  0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034
- SSDEEP
  
  24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
Score

1^/10
behavioral3 behavioral4
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/Setup.exe
- Size
  
  5.4MB
- MD5
  
  ad2735f096925010a53450cb4178c89e
- SHA1
  
  c6d65163c6315a642664f4eaec0fae9528549bfe
- SHA256
  
  4e775b5fafb4e6d89a4694f8694d2b8b540534bd4a52ff42f70095f1c929160e
- SHA512
  
  1868b22a7c5cba89545b06f010c09c5418b3d86039099d681eee9567c47208fdba3b89c6251cf03c964c58c805280d45ba9c3533125f6bd3e0bc067477e03ab9
- SSDEEP
  
  98304:o/zx+riUDpJowboU+XEsumY2XW6jBYeZ1ER:2x+riUDwUj12X1tY5
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/hogg.pptx
- Size
  
  85KB
- MD5
  
  4a1bb50a70821601f854cb93681f57a1
- SHA1
  
  be7d7dabd24c40066f301499dae299cb90afd8c1
- SHA256
  
  4db21e4665018a3e6cd03ec1b65f42a1c6c8f8046b3f451a1e025a2013e8203f
- SHA512
  
  c8157213c3232cefc4e2d075091b1b848b67b2a802244e368223a89e22ee90e8b46f0e5f6c09ecb251ada5c4fe9325d1009fc81f31baa1e1367923a879fd4f7a
- SSDEEP
  
  1536:zD9bYCak3t5H8JDtUetbmzSniODDjrghDiR8ID5hHKRwh:zDKPpTAzQoYmRo
Score

1^/10
behavioral7 behavioral8
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/libcrypto-1_1-x64.dll
- Size
  
  2.7MB
- MD5
  
  28dea3e780552eb5c53b3b9b1f556628
- SHA1
  
  55dccd5b30ce0363e8ebdfeb1cca38d1289748b8
- SHA256
  
  52415829d85c06df8724a3d3d00c98f12beabf5d6f3cbad919ec8000841a86e8
- SHA512
  
  19dfe5f71901e43ea34d257f693ae1a36433dbdbcd7c9440d9b0f9eea24de65c4a8fe332f7b88144e1a719a6ba791c2048b4dd3e5b1ed0fdd4c813603ad35112
- SSDEEP
  
  49152:KlOh5PuX2I9Rkf5gnQ7duzGuqFCtLQ2IqNPz38JQ41CPwDv3uFfJ:Q2Irkn2Iqt38C41CPwDv3uFfJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/libssl-1_1-x64.dll
- Size
  
  669KB
- MD5
  
  4ad03043a32e9a1ef64115fc1ace5787
- SHA1
  
  352e0e3a628c8626cff7eed348221e889f6a25c4
- SHA256
  
  a0e43cbc4a2d8d39f225abd91980001b7b2b5001e8b2b8292537ae39b17b85d1
- SHA512
  
  edfae3660a5f19a9deda0375efba7261d211a74f1d8b6bf1a8440fed4619c4b747aca8301d221fd91230e7af1dab73123707cc6eda90e53eb8b6b80872689ba6
- SSDEEP
  
  12288:PcPPRr7K55yAAKDNkk1+cFc+CmRkS9/+wDe1rlXiE4D9u3AG3UQjA5WU2lvz:2N43+cFcmYhXixo7708U2lvz
Score

1^/10
behavioral11 behavioral12
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/msvcp140.dll
- Size
  
  564KB
- MD5
  
  1ba6d1cf0508775096f9e121a24e5863
- SHA1
  
  df552810d779476610da3c8b956cc921ed6c91ae
- SHA256
  
  74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
- SHA512
  
  9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af
- SSDEEP
  
  12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
Score

1^/10
behavioral13 behavioral14
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/msvcp140_1.dll
- Size
  
  34KB
- MD5
  
  69d96e09a54fbc5cf92a0e084ab33856
- SHA1
  
  b4629d51b5c4d8d78ccb3370b40a850f735b8949
- SHA256
  
  a3a1199de32bbbc8318ec33e2e1ce556247d012851e4b367fe853a51e74ce4ee
- SHA512
  
  2087827137c473cdbec87789361ed34fad88c9fe80ef86b54e72aea891d91af50b17b7a603f9ae2060b3089ce9966fad6d7fbe22dee980c07ed491a75503f2cf
- SSDEEP
  
  384:z1vZLMtUYqOoKFYpWcm5gW/ki0pSt+eB+Hj+R9zUkUTRtHRN7SoHR9zui5TJ:zpCtzqOjKYWi0QKHji9zSRtnx9zJTJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/steam_api64.dll
- Size
  
  291KB
- MD5
  
  6b4ab6e60364c55f18a56a39021b74a6
- SHA1
  
  39cac2889d8ca497ee0d8434fc9f6966f18fa336
- SHA256
  
  1db3fd414039d3e5815a5721925dd2e0a3a9f2549603c6cab7c49b84966a1af3
- SHA512
  
  c08de8c6e331d13dfe868ab340e41552fc49123a9f782a5a63b95795d5d979e68b5a6ab171153978679c0791dc3e3809c883471a05864041ce60b240ccdd4c21
- SSDEEP
  
  3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
Score

1^/10
behavioral17 behavioral18
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/vcruntime140.dll
- Size
  
  106KB
- MD5
  
  49c96cecda5c6c660a107d378fdfc3d4
- SHA1
  
  00149b7a66723e3f0310f139489fe172f818ca8e
- SHA256
  
  69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
- SHA512
  
  e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d
- SSDEEP
  
  1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
Score

1^/10
behavioral19 behavioral20
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  cf0a1c4776ffe23ada5e570fc36e39fe
- SHA1
  
  2050fadecc11550ad9bde0b542bcf87e19d37f1a
- SHA256
  
  6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47
- SHA512
  
  d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168
- SSDEEP
  
  768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
Score

1^/10
behavioral21 behavioral22
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/vcruntime140_app.dll
- Size
  
  21KB
- MD5
  
  c0f29bd3b0eb4d8795d609a0c52e0926
- SHA1
  
  2f1958696d66edaf38079e370dcc2b41c7474122
- SHA256
  
  813a447192c4fa7d25d0716b769399546f8bf6b31269dd8ad47f9812008d79e6
- SHA512
  
  02bc56ad129a7d6382ba8d68b68a52fa70ace9bce68aae56d901bc60451982e358805e950ab49ae3d0c052c2ac6d44a6f5ab3679cd4ce2fbb205e4a8c7d7b670
- SSDEEP
  
  384:K0g/dJiHlDoeuczbaj7wTfzvg55dHRN7ooiFWSlGs4kz:w/d8lDoeuczbaj7Cg9jHPs
Score

3^/10
behavioral23 behavioral24
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/x86/HDHelper_[0MB]_[1].exe
- Size
  
  566KB
- MD5
  
  8a179892518a2c4e8a63afa91de7bdce
- SHA1
  
  e9b095c966ccc4c4900b4cf741c067d2a0f43cd4
- SHA256
  
  72ece91f65a461c5023695bf5f31b5b6b5bd629dba8407524e8144f6d1e160e8
- SHA512
  
  91abb220c222a89a2df27818b8385b4015128a35b7d4c43d0f497717a4e5a55dfb9dc1da3f47a49a2400ea8300d41d52277331a6c7c3437ac5cb867a4027b220
- SSDEEP
  
  12288:voJoMf8uSKkd/kAseRy/M96oQD08WjWYatid4TwzSxK/G8kHcL:CEKkd/wXMwoQJW6Ya5TwzUKeH8L
Score

1^/10
behavioral25 behavioral26
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/x86/NvStereoUtilityOGL_[1MB]_[1].exe
- Size
  
  1.1MB
- MD5
  
  017cd77d01314e72a973ff0c7882453d
- SHA1
  
  288238159cf18418149f5cd3475a6ebb9f45a631
- SHA256
  
  c2c71318a17f7f767e5d203d22b48f27eecae46a4f37082d7b413c51da6183b3
- SHA512
  
  b1d4c87e7d8585c16aa50499398c9a04d90bcd32ab36fbf7a357bc15abce0cd802a259cc7431de9fe2ca77aa68298aab5041157308be4601f7f7aa0c3c180b03
- SSDEEP
  
  24576:zCVnoQHgdFnJhVaqajA4+ubDaSKYqSpamUbSBe:zgnoFFnJjaqajA4+yaSK5SpamUbSBe
Score

3^/10
behavioral27 behavioral28
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/x86/VSLauncher_[0MB]_[1].exe
- Size
  
  281KB
- MD5
  
  7a7bb3b0e57e4fb32c57b74e78e657ad
- SHA1
  
  f1dee943b1b6238b1466d83325c4099d189cd4b5
- SHA256
  
  87048cff2227d2901314760618d23917cfbc5cc15fc22dc355e803c5ee5fb211
- SHA512
  
  ef0c9985b640189ed9991b301cfbf9771df961e1bf67bf68c5833667db53977c9745bcfb42e059d8bb5bcd7a88253a715d86f65612dccc33514ccda3baaf24c2
- SSDEEP
  
  3072:Dawahjy56hh65Ndqp9ikqtPLy0gJmU/3j41IGvQC2mCILuCW+VoNDRUiuDhJoueT:dLlavj41nDlDOO9uunwiLWyIE2n
Score

1^/10
behavioral29 behavioral30
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/x86/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  17KB
- MD5
  
  29001f316ccfc800e2246743df9b15b3
- SHA1
  
  dc734266648d3463c1f8d88c1ce7d900a4e3b26c
- SHA256
  
  e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
- SHA512
  
  4cffc0c6f94fcd1155909993c622b9103abd7a7bce88742a10abd6a3496a334d667a39bb601f99eb174aa847d7dae056e0d9769754ca86320579b262a20a6599
- SSDEEP
  
  384:WRtwDfIe9jWfhWC+Y3DGk8ZpH3GCJErra8o7Q+Y3DGUKn8JN77hhET:ape9A5DGkiRBEXaR70DGa3hqT
Score

1^/10
behavioral31
- Target
  
  ##!!SetUp_5566_Pa$sW0rd$$!!/x86/api-ms-win-core-profile-l1-1-0.dll
- Size
  
  16KB
- MD5
  
  6ee66dca31c5cce57740d677c85b4ce7
- SHA1
  
  8969db03f98f9548caf8e2d8c7f2f5cd7071f333
- SHA256
  
  d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
- SHA512
  
  592e3b6c689a0d6c87079c54c3e13e6ee1fc0c5c770abc854040e85464687c46f0a558be22f8759dbc4a100810386ee379ffe4359cf9091d9afae548bc597be2
- SSDEEP
  
  384:WiIWfhWx+Y3DGk8ZpH3GCJErcx3l/r7+Y3DGU78JN77hhC6UHR:doDGkiRBEWV/rxDGT3h06UHR
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Detects Windows executables referencing non-Windows User-Agents

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

Detects executables containing potential Windows Defender anti-emulation checks

Checks computer location settings

Loads dropped DLL

Reads data files stored by FTP clients

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32