stealc | b2bf3753fffd1c058f60b8c0b9d5be9f165e92e91462729f2707534a4b3b69c2 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

files.rar
Size

6.1MB
Sample

240618-p5ssfathph
MD5

47abbc9f5c6239eb1bcc2ebd056ee69c
SHA1

4043935a2b58d1747555a7c1e3ace24d75f404b2
SHA256

b2bf3753fffd1c058f60b8c0b9d5be9f165e92e91462729f2707534a4b3b69c2
SHA512

da46aaeabf9fc117a998b383d60bc6bfa0a32beb741ba5d65b637e64ab650f44a1f11a236970875dd123b2ed5682982457785101841bebeb5448ca01c662bdae
SSDEEP

98304:p0fdy3TarHa2Odp0BTSLlnZa6Qe+TC/9l8nIgovSj8k4X+eLZMNilM6dYdgMOT9:I8DaafQSLlnZa6B+TavrzvPVMklxfB

Score

10^/10

stealc vidar discovery persistence privilege_escalation spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240221-en

stealc vidar persistence privilege_escalation stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20240508-en

stealc vidar discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  446KB
- MD5
  
  485008b43f0edceba0e0d3ca04bc1c1a
- SHA1
  
  55ae8f105af415bb763d1b87f6572f078052877c
- SHA256
  
  12c22ba646232d5d5087d0300d5cfd46fed424f26143a02dc866f1bfceab3c10
- SHA512
  
  402652786daae635c7405f5fa0924d768cbde2086f9f57b10f00f921dec98e37168f5c3a6baa5593ba9a478f3971d32747c517ffd485d25634c924e6b08815b1
- SSDEEP
  
  12288:vK5+DMJA3TAz4plk9iZOOti81N5y1qMIg+GV5Zul3M:y5+DMJA3TAz4plk9ijK1qlGV7ulM
Score

10^/10

stealc vidar persistence privilege_escalation stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarpersistenceprivilege_escalationstealer

behavioral2

stealcvidardiscoverypersistenceprivilege_escalationspywarestealer

© 2018-2024

Terms | Privacy