General

  • Target

    9d5d203c3b42d97ea56a408189df2d6f04c0f31c5fb3057178312252b3ea8221

  • Size

    868KB

  • Sample

    240706-ge4s1szdne

  • MD5

    16fcba4c603655fca5f10157dd6d360f

  • SHA1

    25aa4c3dd09dc6298fec323e0074a3bdd47df8ad

  • SHA256

    9d5d203c3b42d97ea56a408189df2d6f04c0f31c5fb3057178312252b3ea8221

  • SHA512

    b4843d2b96abb64150c7d99fc8307b9cb7e9fa4c77300fef2ab016d0c0dfa5c2786f3055da66a001c2a1adfb01ad8c865932533706803619e1c69b9e4aa0e652

  • SSDEEP

    24576:uyvoo4th2Mz2T/KB9pHK+zstXLD1r69E9jZud/Wg1gCxhOKpChj:g/2MiTiBTatdr69Epkduig3KpChj

Malware Config

Extracted

  • Family

    stealc

  • rc4.plain

Extracted

  • Family

    vidar

  • Version

    9.6

  • Botnet

    28187bb5c913527f132ac92e6e76919a

  • C2

    https://steamcommunity.com/profiles/76561199681720597

    https://t.me/talmatin

  • Attributes

    • profile_id_v2

      28187bb5c913527f132ac92e6e76919a

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0

Targets

    • Target

      9d5d203c3b42d97ea56a408189df2d6f04c0f31c5fb3057178312252b3ea8221

    • Size

      868KB

    • MD5

      16fcba4c603655fca5f10157dd6d360f

    • SHA1

      25aa4c3dd09dc6298fec323e0074a3bdd47df8ad

    • SHA256

      9d5d203c3b42d97ea56a408189df2d6f04c0f31c5fb3057178312252b3ea8221

    • SHA512

      b4843d2b96abb64150c7d99fc8307b9cb7e9fa4c77300fef2ab016d0c0dfa5c2786f3055da66a001c2a1adfb01ad8c865932533706803619e1c69b9e4aa0e652

    • SSDEEP

      24576:uyvoo4th2Mz2T/KB9pHK+zstXLD1r69E9jZud/Wg1gCxhOKpChj:g/2MiTiBTatdr69Epkduig3KpChj

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks