stealc | 1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc
Size

2.1MB
Sample

240617-fnxkmavhma
MD5

8a61b6f50f0fce3115837de149de99bf
SHA1

0d6d7ac040fc4501680e83b2137e003c50db3dee
SHA256

1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc
SHA512

18cb46fa25cecde1c18946f273c12aa639b66eb35f94557fe0eabf876a3268b74b96752e0a7fc79e1385dbf016584813feae869f44153adb8749a71cf28dace8
SSDEEP

24576:Ub4m+sws1qLVNMIlJl6DRKbAlcNRfCKtUfMxVVtes12FxwojKr98YGeGG9iO:UZXOjt6DuAwCKtUkxVVChjHZQs

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc.exe

Resource

win7-20240611-en

stealc vidar discovery spyware stealer

windows7-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc.exe

Resource

win10-20240611-en

stealc vidar discovery stealer

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

C2

https://t.me/r8z0l

https://steamcommunity.com/profiles/76561199698764354

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0

Targets

- Target
  
  1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc
- Size
  
  2.1MB
- MD5
  
  8a61b6f50f0fce3115837de149de99bf
- SHA1
  
  0d6d7ac040fc4501680e83b2137e003c50db3dee
- SHA256
  
  1ad6aa5ed881730e3ed0eb54bdb45135d0c7242717aec7664d1e4b4b26536dbc
- SHA512
  
  18cb46fa25cecde1c18946f273c12aa639b66eb35f94557fe0eabf876a3268b74b96752e0a7fc79e1385dbf016584813feae869f44153adb8749a71cf28dace8
- SSDEEP
  
  24576:Ub4m+sws1qLVNMIlJl6DRKbAlcNRfCKtUfMxVVtes12FxwojKr98YGeGG9iO:UZXOjt6DuAwCKtUkxVVChjHZQs
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoverystealer

© 2018-2024

Terms | Privacy