stealc | e85d5b53626307eb032ccfe4ba7e1441a88af81062e5afe8a69f1d283b4f3ea9 | Triage

Submit
Reports

Overview

overview

Static

static

7

default.exe

windows7-x64

7

default.exe

windows10-2004-x64

Resubmissions

11-10-2024 14:50

241011-r7wcfsxhkf 10

11-10-2024 14:47

241011-r5zbbssgrp 10

Sharing

General

Target

default.exe
Size

4.2MB
Sample

241011-r7wcfsxhkf
MD5

589903101622ead17fb90da578086962
SHA1

8c0b3b771ac79959dc155166bf22495b3197b97d
SHA256

e85d5b53626307eb032ccfe4ba7e1441a88af81062e5afe8a69f1d283b4f3ea9
SHA512

49b74af8105878f6d7e491f6bb56d23ad8cb28e317a0c99a1ac36b7aa4948610e3d171a2b64a58fd3fab83ba48691f58bf033462a592fa61bbdd6cb9e49a47fd
SSDEEP

49152:UTgmiz2o3rioSPZQpAookqlq40imXDUZei3xRxwcCjg5835S2m:UcfbiV9U5/3HE58p

Score

10^/10

stealc vidar 6b8642176bdf6e69e18dcef863f92aad credential_access discovery stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

default.exe

Resource

win7-20240708-en

credential_access discovery stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

default.exe

Resource

win10v2004-20241007-en

stealc vidar 6b8642176bdf6e69e18dcef863f92aad credential_access discovery stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

10.2

Botnet

6b8642176bdf6e69e18dcef863f92aad

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  default.exe
- Size
  
  4.2MB
- MD5
  
  589903101622ead17fb90da578086962
- SHA1
  
  8c0b3b771ac79959dc155166bf22495b3197b97d
- SHA256
  
  e85d5b53626307eb032ccfe4ba7e1441a88af81062e5afe8a69f1d283b4f3ea9
- SHA512
  
  49b74af8105878f6d7e491f6bb56d23ad8cb28e317a0c99a1ac36b7aa4948610e3d171a2b64a58fd3fab83ba48691f58bf033462a592fa61bbdd6cb9e49a47fd
- SSDEEP
  
  49152:UTgmiz2o3rioSPZQpAookqlq40imXDUZei3xRxwcCjg5835S2m:UcfbiV9U5/3HE58p
Score

10^/10

credential_access discovery stealer stealc vidar 6b8642176bdf6e69e18dcef863f92aad
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealer

behavioral2

stealcvidar6b8642176bdf6e69e18dcef863f92aadcredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy