stealc

General

Target

d63d18c67f83e54c77072aa953c5e5c0496a7a4c2ac6ca8bd07e211ee80b3d6c
Size

216KB
Sample

240919-2nsgkavdpg
MD5

3c01f02d55374baace8ac5b33fe49f0e
SHA1

20c79d225fad0162363986914f34830cb6e1caaa
SHA256

d63d18c67f83e54c77072aa953c5e5c0496a7a4c2ac6ca8bd07e211ee80b3d6c
SHA512

430c8e350363a38ea37067ddd379c04f723ec379a959cc2083ca2a6b17e789f7a6c30e377e82f3514c6bb603e8a6890d40eb3de84b9ddf8b84bb8005fe2dd850
SSDEEP

6144:sgc6Fx2RMPWAECC4ukYFYMbejiofOXpXbV4EO:bpP2RMPjECCmYFYMbej2LV4EO

Score

10^/10

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes

url_path
/c4754d4f680ead72.php

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/76561199768374681

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Targets

- Target
  
  d63d18c67f83e54c77072aa953c5e5c0496a7a4c2ac6ca8bd07e211ee80b3d6c
- Size
  
  216KB
- MD5
  
  3c01f02d55374baace8ac5b33fe49f0e
- SHA1
  
  20c79d225fad0162363986914f34830cb6e1caaa
- SHA256
  
  d63d18c67f83e54c77072aa953c5e5c0496a7a4c2ac6ca8bd07e211ee80b3d6c
- SHA512
  
  430c8e350363a38ea37067ddd379c04f723ec379a959cc2083ca2a6b17e789f7a6c30e377e82f3514c6bb603e8a6890d40eb3de84b9ddf8b84bb8005fe2dd850
- SSDEEP
  
  6144:sgc6Fx2RMPWAECC4ukYFYMbejiofOXpXbV4EO:bpP2RMPjECCmYFYMbej2LV4EO
Score

10^/10

stealc default credential_access discovery spyware stealer vidar
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2