General
Target: 52e7510e97f558788067937c97a268ad4951d22f8b94d87855bcb3dd4d6e6708.exe
Size: 13.0MB
Sample: 240617-bhncjsxbqh
MD5: 543e80dbd2fa8ddf8cebccc1099b4609
SHA1: dae57bb7f0ef4e045e0da446ac8e8f546e341147
SHA256: 52e7510e97f558788067937c97a268ad4951d22f8b94d87855bcb3dd4d6e6708
SHA512: b2215db059c9c1b437eb229645e5411199c822d1c1458e240c9edef3c469d5b49a70f3bda1b9b017f9a0373702fb4c99388ecd0942958e17be587cc07ebde33b
SSDEEP: 98304:+T+qSAWrRPEfY6D+4fZoh6hOVwZMNriErlBOogs3q/vWhrCVTKs:+T+qSAW9PuTpfPwxMteU
Static task: static1
Behavioral task: behavioral1
Sample: 52e7510e97f558788067937c97a268ad4951d22f8b94d87855bcb3dd4d6e6708.exe
Resource: win7-20240508-en
Malware Config
Extracted: stealc
Targets
Target: 52e7510e97f558788067937c97a268ad4951d22f8b94d87855bcb3dd4d6e6708.exe (13.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
Signatures:
- Detect Vidar Stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext