General

  • Target

    stealerc.bin

  • Size

    824KB

  • Sample

    241119-ysbg3awpbl

  • MD5

    48f8fd860361571c1ea6373fa9929fdd

  • SHA1

    1940e67c060a7b2b7085ba8513cd69d97c035775

  • SHA256

    0d29542a4e177ab50ea5ac6ffad38e4ac31bf199f6de30334b73b0ab04c0f20c

  • SHA512

    f2145f41c822d57f079b03a24e86595bfc29dc1daca199be0fa56a3f054e622624f70f6a9084f02e369ca7c6c594f07230da260708142dcec64dedef8c9b48a6

  • SSDEEP

    6144:M58tl+4sfTny7TuvpdZlt4DIJYVKWi8u5yrh5rTNhhuy1qkteGtLMA+/mt9:M58tl+TtvtGyYKW5u8lq6T+/s

Malware Config

Extracted

Family

vidar

Version

11.7

Botnet

93fc6460673f6002db33ceb23a9e1868

C2

https://t.me/m07mbk

https://steamcommunity.com/profiles/76561199801589826

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

    • Target

      stealerc.bin

    • Size

      824KB

    • MD5

      48f8fd860361571c1ea6373fa9929fdd

    • SHA1

      1940e67c060a7b2b7085ba8513cd69d97c035775

    • SHA256

      0d29542a4e177ab50ea5ac6ffad38e4ac31bf199f6de30334b73b0ab04c0f20c

    • SHA512

      f2145f41c822d57f079b03a24e86595bfc29dc1daca199be0fa56a3f054e622624f70f6a9084f02e369ca7c6c594f07230da260708142dcec64dedef8c9b48a6

    • SSDEEP

      6144:M58tl+4sfTny7TuvpdZlt4DIJYVKWi8u5yrh5rTNhhuy1qkteGtLMA+/mt9:M58tl+TtvtGyYKW5u8lq6T+/s

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks