General
-
Target
5f5d2d0921c6917bd07ea44fbfef38efc470942736a13283ba4e15df051c0f38
-
Size
7.4MB
-
Sample
240617-fq2x5azcnm
-
MD5
4c3f0027d2e0e9c8664bf102fc2840e4
-
SHA1
1af682cc65c9a3c4f1f06fc1a698cf18bfeb3e12
-
SHA256
5f5d2d0921c6917bd07ea44fbfef38efc470942736a13283ba4e15df051c0f38
-
SHA512
3baeaecaae645fe329eccabd4e9e05a589ee69edf3e60e16ed3987f2ecb5c874dc75858dfd71871ed4a116aac2f9b58822d0a2c35fcbf7a8e4e77357e63af238
-
SSDEEP
196608:w6Oakf78Ql8X6OAfiZ8AY/5iEvCidMtCVHb1QR:LOXDra6OP5OiEvCi+IaR
Malware Config
Extracted
stealc
Targets
-
-
Target
5f5d2d0921c6917bd07ea44fbfef38efc470942736a13283ba4e15df051c0f38
-
Size
7.4MB
-
MD5
4c3f0027d2e0e9c8664bf102fc2840e4
-
SHA1
1af682cc65c9a3c4f1f06fc1a698cf18bfeb3e12
-
SHA256
5f5d2d0921c6917bd07ea44fbfef38efc470942736a13283ba4e15df051c0f38
-
SHA512
3baeaecaae645fe329eccabd4e9e05a589ee69edf3e60e16ed3987f2ecb5c874dc75858dfd71871ed4a116aac2f9b58822d0a2c35fcbf7a8e4e77357e63af238
-
SSDEEP
196608:w6Oakf78Ql8X6OAfiZ8AY/5iEvCidMtCVHb1QR:LOXDra6OP5OiEvCi+IaR
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-