Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0

  • Size

    4.7MB

  • Sample

    240629-eekn2atcnr

  • MD5

    6320d63025e1764e578680e24906def3

  • SHA1

    b452cb8f5fe2b5683b8ea94b90c5d3f415e53832

  • SHA256

    d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0

  • SHA512

    f75d2700fafea373de7f2c4131a650128d38146ef8fd7edef0c186ce3ebc1fb51b116f91596891d68f893a56b30e14035e565a55d0e5d228462c9e3e7a68dc51

  • SSDEEP

    98304:KjG9asZlqf3mTJBMAxu8l+yzWCdlPtclKfWN6D:KjGgsZlqvmT8wu8lZWCzo+

Score
10/10
lummariseprostealcvidarspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Extracted

Family

risepro

C2

77.105.132.27:50500

Extracted

Family

lumma

C2

https://contintnetksows.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0

    • Size

      4.7MB

    • MD5

      6320d63025e1764e578680e24906def3

    • SHA1

      b452cb8f5fe2b5683b8ea94b90c5d3f415e53832

    • SHA256

      d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0

    • SHA512

      f75d2700fafea373de7f2c4131a650128d38146ef8fd7edef0c186ce3ebc1fb51b116f91596891d68f893a56b30e14035e565a55d0e5d228462c9e3e7a68dc51

    • SSDEEP

      98304:KjG9asZlqf3mTJBMAxu8l+yzWCdlPtclKfWN6D:KjGgsZlqvmT8wu8lZWCzo+

    Score
    10/10
    lummariseprostealcvidarspywarestealer

    • Detect Vidar Stealer

      stealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks