stealc | 8506cac9dd95d8779ddbfe185f0f81d0357223724ea4ad8fadeb136c01a82ef8 | Triage

Submit
Reports

Overview

overview

Static

static

1

!!fUlLSetu...up.exe

windows7-x64

!!fUlLSetu...up.exe

windows10-2004-x64

!!fUlLSetu...up.exe

windows11-21h2-x64

Resubmissions

28/06/2024, 15:06

240628-sg6wyavepf 10

28/06/2024, 14:58

240628-sb53fsxgnj 10

Sharing

General

Target

!!fUlLSetup_22334_P@ssKeys!!.zip
Size

22.0MB
Sample

240628-sg6wyavepf
MD5

a4e30d8ed94d3e28fd8727e04a203126
SHA1

b052128839bcdbf841da2e4b42c955893adf1b86
SHA256

8506cac9dd95d8779ddbfe185f0f81d0357223724ea4ad8fadeb136c01a82ef8
SHA512

16cdf46220b709e40b2e1618bac59962f9cdf336bdaa250a7c7e7518ae59265a6e2fb7d5232e0f00d34ff95e71dc0d665ec7e8ae5d345b5efbfa302f538bab98
SSDEEP

393216:jIdmIR4XKjsWJxcRGh/vp0cOqFfMLz5MeOF7EGXutGPBSKx6XI3WrBqWP:jMuX1WwRGh/R/ZOz5MLNlPZItlt

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

!!fUlLSetup_22334_P@ssKeys!!/Setup.exe

Resource

win7-20240508-en

stealc vidar stealer

windows7-x64

9 signatures

600 seconds

Behavioral task

behavioral2

Sample

!!fUlLSetup_22334_P@ssKeys!!/Setup.exe

Resource

win10v2004-20240611-en

stealc vidar discovery spyware stealer

windows10-2004-x64

17 signatures

600 seconds

Behavioral task

behavioral3

Sample

!!fUlLSetup_22334_P@ssKeys!!/Setup.exe

Resource

win11-20240508-en

stealc vidar discovery spyware stealer

windows11-21h2-x64

13 signatures

600 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  !!fUlLSetup_22334_P@ssKeys!!/Setup.exe
- Size
  
  656.8MB
- MD5
  
  a16936abeb9abc4945d6fdd76ecec729
- SHA1
  
  a74de976ce3af1db488626afe9796f7f13add504
- SHA256
  
  b2300fcaa158d08f4980f4cfe7373848256bd4918384a18e3c32b464add812a7
- SHA512
  
  d03704bef171f7815765fb527fa7c1103fdfbdfeaad22eb09b0af893ff1adec9455e7c6629946846be1924e12ac5213f7f467abf0a7276522bccfac3d25f8f44
- SSDEEP
  
  196608:doeohPRS9UUoFG2z4wThcbwNq1Af8YOdN6ZLAM4/tS9yS:doeoRao/
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidardiscoveryspywarestealer

behavioral3

stealcvidardiscoveryspywarestealer

© 2018-2025

Terms | Privacy