stealc | 6de850229841f0841877c78ecd37d43d8653961f07f12d638d15efcd0e7b4f85 | Triage

Submit
Reports

Overview

overview

Static

static

3

e9edfb5603...f5.exe

windows7-x64

e9edfb5603...f5.exe

windows10-2004-x64

Sharing

General

Target

5d0b96b2f2610709f046780420ab2ccc.bin
Size

5.6MB
Sample

240616-bq4z9sxcpm
MD5

accc085ce01adf7f0b355fc0b4658d37
SHA1

1c2b83ab2306974474bb3038de30facfe2e61728
SHA256

6de850229841f0841877c78ecd37d43d8653961f07f12d638d15efcd0e7b4f85
SHA512

99cfdd5729acc2ab56475e612b8810c301e256ab314e12d5637000553ef9795a9cfc3a6a7cfcaeed0cfd006f067f8052a76445d2bec72b29e9da38d984fbc1a7
SSDEEP

98304:kA1x4AkF4hBIS79GEnZOEukcxAcBo6zn3gfXjuPUOL4NCrvNV7BWKtkt8SV4msgs:kA1xHBt9bVun+ct7gfjCfJvNVdWZuOE7

Score

10^/10

stealc vidar spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5.exe

Resource

win7-20240611-en

stealc vidar spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5.exe

Resource

win10v2004-20240611-en

stealc vidar spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5.exe
- Size
  
  14.1MB
- MD5
  
  5d0b96b2f2610709f046780420ab2ccc
- SHA1
  
  9980ca77ad2e5eae32733c1d6df05f878e092e5a
- SHA256
  
  e9edfb560307e1bd40f575a8dc1d9835e13059388cfb72ffbbe8aefc99d7fbf5
- SHA512
  
  dae781d02638da51f353cc66b8cdd6d759e2987a21cc7f02baa432a94bc9c977426c61ffe0f06d1cfa60a3f8d0e10e16fe3ada78affe1c8921b52ac3a85889f8
- SSDEEP
  
  98304:yvMsbagKjC8xLKyAGN3W2+vVdL2uMXJsuLfMhj0+N0R/EKbMkZfmTUTAMs:MfK/eyAGN3UvVd0XJsOfMhjQRcKCdMs
Score

10^/10

stealc vidar spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarspywarestealer

behavioral2

stealcvidarspywarestealer

© 2018-2024

Terms | Privacy