stealc | 0c5787229f775fcbdd5d466b411c628480c0a0b655b1f7705b90448296916112 | Triage

Submit
Reports

Overview

overview

Static

static

1

!#File?_#!...up.exe

windows7-x64

!#File?_#!...up.exe

windows10-2004-x64

!#File?_#!...up.exe

windows11-21h2-x64

Sharing

General

Target

files.zip
Size

14.8MB
Sample

240616-xfv59swglq
MD5

810387348f17bc13d5f2635f06198e70
SHA1

d5fcda64215753cbd86174401df7915e0857c9ae
SHA256

0c5787229f775fcbdd5d466b411c628480c0a0b655b1f7705b90448296916112
SHA512

5aef04b143adffeb3d2119f21736e721c913a06595565b6c4ff98cb50e77a503b23ef7a08c51508adece885bce5350259748fac4879845be5fb03955a49cd921
SSDEEP

393216:gdPUs09wbsbAXGhOPB2Qelx9mOQyRzZ3zcrWQJw:n57boiOBm9RZwKGw

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

!#File?_#!U?e~Passw0rd__~.~160617~.~__/Setup.exe

Resource

win7-20240611-en

stealc vidar stealer

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

!#File?_#!U?e~Passw0rd__~.~160617~.~__/Setup.exe

Resource

win10v2004-20240611-en

stealc vidar discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Behavioral task

behavioral3

Sample

!#File?_#!U?e~Passw0rd__~.~160617~.~__/Setup.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  !#File?_#!U?e~Passw0rd__~.~160617~.~__/Setup.exe
- Size
  
  316KB
- MD5
  
  c637e5ecf625b72f4bef9d28cd81d612
- SHA1
  
  a2c1329d290e508ee9fd0eb81e7f25d57e450f8c
- SHA256
  
  111c56593668be63e1e0c79a2d33d9e2d49cdf0c5100663c72045bc6b76e9fe6
- SHA512
  
  727d78bab4fab3674eec92ca5f07df6a0095ab3b973dd227c599c70e8493592bb53bb9208cc6270713283ef0065acfad3203ddcf4dcb6d43f8727f09ceaaf2e4
- SSDEEP
  
  6144:VzsRSKkhKKXDD2mTLGxelHJ+SBae3VFpSX:6VkhZWEGxelH0SBtfpS
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidardiscoveryspywarestealer

behavioral3

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy