General
-
Target
2da1abbc4cc0cb6c5819206da60dbb09d72b02034ef375cd40ce289bdf2dc417
-
Size
425KB
-
Sample
240627-2l6amsxhln
-
MD5
c64af626c4ed0784e010f5f2210e97f4
-
SHA1
03ff97d0f1530600ef134d64ddeabbe5770432a6
-
SHA256
2da1abbc4cc0cb6c5819206da60dbb09d72b02034ef375cd40ce289bdf2dc417
-
SHA512
b8905e33b1a01fc94ed440c7c435e58b2fb43639aa377118e1ab894de2bf20d52803fd80e73c863c4bb8b8fda6cf246e7d942cc8f985e3d81a9c7702af268f0a
-
SSDEEP
12288:tAZeNp7Ik3kXzCNAt8T7yejH2KlN2fq3S9:tAop5KCNEoWS3
Malware Config
Extracted
stealc
Extracted
vidar
10.1
cac73a25dd295fef8853d330a75f6da4
https://t.me/memve4erin
https://steamcommunity.com/profiles/76561199699680841
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Targets
-
-
Target
2da1abbc4cc0cb6c5819206da60dbb09d72b02034ef375cd40ce289bdf2dc417
-
Size
425KB
-
MD5
c64af626c4ed0784e010f5f2210e97f4
-
SHA1
03ff97d0f1530600ef134d64ddeabbe5770432a6
-
SHA256
2da1abbc4cc0cb6c5819206da60dbb09d72b02034ef375cd40ce289bdf2dc417
-
SHA512
b8905e33b1a01fc94ed440c7c435e58b2fb43639aa377118e1ab894de2bf20d52803fd80e73c863c4bb8b8fda6cf246e7d942cc8f985e3d81a9c7702af268f0a
-
SSDEEP
12288:tAZeNp7Ik3kXzCNAt8T7yejH2KlN2fq3S9:tAop5KCNEoWS3
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-