stealc | 929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6 | Triage

Submit
Reports

Overview

overview

Static

static

3

929804f60f...a6.exe

windows7-x64

929804f60f...a6.exe

windows10-2004-x64

Sharing

General

Target

929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6.exe
Size

866KB
Sample

240617-bmzldaxekd
MD5

4625f69b1be6f7d738a4df335c6ca306
SHA1

52125696d6846193d9e8275568ad0965d040c06a
SHA256

929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6
SHA512

863bc0a02a4b94b64fa1a305f9d9ecf8bcacc961578430b922196b9fce30823a3a07442cf968176b0e291f5abc7170f9f9dab37e7988daeb99c4c9b1a7ad4ab7
SSDEEP

24576:Zg8AiKw1LbXu9Z5aHrS0tBF9doVhjY1fOm0w3Q6l6v3:ZgBW56T8BR2fU12EQnv3

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6.exe

Resource

win7-20240508-en

stealc vidar discovery spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6.exe

Resource

win10v2004-20240508-en

stealc vidar discovery spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6.exe
- Size
  
  866KB
- MD5
  
  4625f69b1be6f7d738a4df335c6ca306
- SHA1
  
  52125696d6846193d9e8275568ad0965d040c06a
- SHA256
  
  929804f60f8f3a0b0d7862cd91eb6be0a2ba694c4a28e3f9fa2d65ff171469a6
- SHA512
  
  863bc0a02a4b94b64fa1a305f9d9ecf8bcacc961578430b922196b9fce30823a3a07442cf968176b0e291f5abc7170f9f9dab37e7988daeb99c4c9b1a7ad4ab7
- SSDEEP
  
  24576:Zg8AiKw1LbXu9Z5aHrS0tBF9doVhjY1fOm0w3Q6l6v3:ZgBW56T8BR2fU12EQnv3
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables containing potential Windows Defender anti-emulation checks
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy