General
-
Target
86bb9a397e62d756578dbe6c40cc07050f2066db6fb5d54499e03469a7cdccd5
-
Size
206KB
-
Sample
240905-2m9dpasdrl
-
MD5
ab68db6a238464a75b669938a3512ae1
-
SHA1
48a7e2ed179d29d783d55fe610598474825bdf95
-
SHA256
86bb9a397e62d756578dbe6c40cc07050f2066db6fb5d54499e03469a7cdccd5
-
SHA512
b811a8f5d3d2fab469a97a9a0d59d6b132b4fecbc7048dd203d25c938e7047b487e9a85799f8d9b04c0e01f307f3ff1bd0c3af967a8813c3ab0d72c69650364c
-
SSDEEP
6144:DYwI7yviKKJGngBT7nI5n6gtJuMM2lxG5IvjKEO:DYwIueBT7IRntJuMPXZKEO
Static task
static1
Behavioral task
behavioral1
Sample
86bb9a397e62d756578dbe6c40cc07050f2066db6fb5d54499e03469a7cdccd5.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
default
http://46.8.231.109
-
url_path
/c4754d4f680ead72.php
Extracted
vidar
https://t.me/fneogr
https://t.me/edm0d
https://steamcommunity.com/profiles/76561199768374681
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
Extracted
lumma
https://condedqpwqm.shop/api
Targets
-
-
Target
86bb9a397e62d756578dbe6c40cc07050f2066db6fb5d54499e03469a7cdccd5
-
Size
206KB
-
MD5
ab68db6a238464a75b669938a3512ae1
-
SHA1
48a7e2ed179d29d783d55fe610598474825bdf95
-
SHA256
86bb9a397e62d756578dbe6c40cc07050f2066db6fb5d54499e03469a7cdccd5
-
SHA512
b811a8f5d3d2fab469a97a9a0d59d6b132b4fecbc7048dd203d25c938e7047b487e9a85799f8d9b04c0e01f307f3ff1bd0c3af967a8813c3ab0d72c69650364c
-
SSDEEP
6144:DYwI7yviKKJGngBT7nI5n6gtJuMM2lxG5IvjKEO:DYwIueBT7IRntJuMPXZKEO
-
Detect Vidar Stealer
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-