Overview

overview

10

Static

static

7

VDeck Setup.exe

windows7-x64

10

VDeck Setup.exe

windows10-1703-x64

10

VDeck Setup.exe

windows10-2004-x64

10

VDeck Setup.exe

windows11-21h2-x64

10

Resubmissions

04-09-2024 06:03

240904-gsefaavhkk 7

04-08-2024 02:00

240804-ce8dzsxdnf 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VDeck Setup.exe

  • Size

    42.9MB

  • Sample

    240804-ce8dzsxdnf

  • MD5

    aa53626f27f7c2d0428d81f5f3ec02ac

  • SHA1

    52dac85b5d3e0491bb05c7dd6d88842409b4e0ff

  • SHA256

    8aad43ed10153b766f0c7077748cbabf4bfe98b62ca6fe1ad6a5a0840f4b7bb2

  • SHA512

    46b57df175879e4879da462cd25fdd8c6e4be800cc9cdae22b6a5452b0755418c69629c793324e1dd799d02972f23065591552e02401499a43bef376ab7c4fd8

  • SSDEEP

    786432:NKiex8/gquJ58B+PEy+Si2csY2rBWHTFvtlVCJd69mVPo7FmzYV5zy397k8/2mEt:NVy8/gN5WNlSuKKjlVCn69mVT85mBz/Y

Score
10/10
hijackloaderstealcvor2credential_accessdiscoveryloaderspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

vor2

C2

http://45.152.112.103

Attributes
  • url_path

    /1cf3aa1810feeb67.php

Targets

    • Target

      VDeck Setup.exe

    • Size

      42.9MB

    • MD5

      aa53626f27f7c2d0428d81f5f3ec02ac

    • SHA1

      52dac85b5d3e0491bb05c7dd6d88842409b4e0ff

    • SHA256

      8aad43ed10153b766f0c7077748cbabf4bfe98b62ca6fe1ad6a5a0840f4b7bb2

    • SHA512

      46b57df175879e4879da462cd25fdd8c6e4be800cc9cdae22b6a5452b0755418c69629c793324e1dd799d02972f23065591552e02401499a43bef376ab7c4fd8

    • SSDEEP

      786432:NKiex8/gquJ58B+PEy+Si2csY2rBWHTFvtlVCJd69mVPo7FmzYV5zy397k8/2mEt:NVy8/gN5WNlSuKKjlVCn69mVT85mBz/Y

    Score
    10/10
    hijackloaderstealcvor2credential_accessdiscoveryloaderspywarestealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks