General
Target: #!~#0PEn_9797_P@$SW0rd~!^!!$.rar
Size: 7.7MB
Sample: 240618-p39ceaycnk
MD5: 78cd577ca78cfb7e34e8a8ea42fbf010
SHA1: 453ce0bbf1229ae3ae3a9d18163b5aa3d0d57a05
SHA256: 8a70aefa2707adfc89832e1e50d50643f0701eff060ffcf4f9259e9e083f69c9
SHA512: 9cb475830828cb3547f99694ea210080a81d3f5e0e1ab0f0a9891c255a7058d0a91c3805d4cbd5006554c75b97d33271d57e8105eff200f4dc3ec77f181ffb38
SSDEEP: 196608:MnKMnWcQwj8z5/Ft1FwE0u96ztCCoWWrJMEWx5lHnzYIJ6LCOH:M/3QW8Nd00kCP/WxbzYIU+C
Static task: static1

Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: Setup.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
Targets
Target: Setup.exe
Size: 2.3MB
MD5: 5d52ef45b6e5bf144307a84c2af1581b
SHA1: 414a899ec327d4a9daa53983544245b209f25142
SHA256: 26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616
SHA512: 458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48
SSDEEP: 49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K

Detect Vidar Stealer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext