stealc | c3bc7fece9d6d3364fcde6bcd75a7bc0f42558a7dfebb627fec0f7f1a31d6edb | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

@!^Installer_PC_Setup_3355_Ṕ@ṨṨẄṏṛḋ_^.rar
Size

11.9MB
Sample

240616-k1lq4s1flk
MD5

10a905c14fbc907ff67e31314766aa8f
SHA1

187ef3471d299078a0051d8f2d89d9df610b48d7
SHA256

c3bc7fece9d6d3364fcde6bcd75a7bc0f42558a7dfebb627fec0f7f1a31d6edb
SHA512

320eb8f9598ff6b18031d999dfaa3e987f3a380fed0c70aec13bc78fc68de239ea90ca6768eeb98ecc3235a8ed0670d8b9676295653d09f05da05c1366097ef7
SSDEEP

196608:W0aU1FxpvyVYt4RfqCcFjD5W3EaTYFr/egbm/r2PYF6GwxZOYio5cmyNDJzPghZq:W0xH4s44CUjDo37EFLo2A6GaZvioGgvq

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240611-en

stealc vidar stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  316KB
- MD5
  
  c637e5ecf625b72f4bef9d28cd81d612
- SHA1
  
  a2c1329d290e508ee9fd0eb81e7f25d57e450f8c
- SHA256
  
  111c56593668be63e1e0c79a2d33d9e2d49cdf0c5100663c72045bc6b76e9fe6
- SHA512
  
  727d78bab4fab3674eec92ca5f07df6a0095ab3b973dd227c599c70e8493592bb53bb9208cc6270713283ef0065acfad3203ddcf4dcb6d43f8727f09ceaaf2e4
- SSDEEP
  
  6144:VzsRSKkhKKXDD2mTLGxelHJ+SBae3VFpSX:6VkhZWEGxelH0SBtfpS
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy