stealc | 1a2be88ef16998f562bab3ec555c30d5c47d6d7c8394d97fabb928261a768246 | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows10-ltsc 2021-x64

Sharing

General

Target

sample
Size

19KB
Sample

241122-pcyszszqbs
MD5

299c94c7a666e535dab67a9887b148af
SHA1

62b4a9597cc8764271f0162c6e103c00afffc393
SHA256

1a2be88ef16998f562bab3ec555c30d5c47d6d7c8394d97fabb928261a768246
SHA512

03178170433169f9f5d57ebfef803331958f44cdf0ec58f28d70dfb3343c452bec5c641af487737dc066d4d837ba888b8e70cdf7eb1469f99d9ced1cc23f7617
SSDEEP

384:T1X/1ocy4O4lbGa3MvhpN5YWMLTe0sVlObz6r0sZgfU1xCejiw:h1ocy4NEacJpN+WmTeFebz6r0sZWuxPF

Score

10^/10

stealc vidar 635b5ceb8ed09951eb8d5e776815ad72 credential_access discovery phishing stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10ltsc2021-20241023-en

stealc vidar 635b5ceb8ed09951eb8d5e776815ad72 credential_access discovery phishing stealer

windows10-ltsc 2021-x64

34 signatures

1800 seconds

Malware Config

Extracted

Family

vidar

Version

11.8

Botnet

635b5ceb8ed09951eb8d5e776815ad72

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  sample
- Size
  
  19KB
- MD5
  
  299c94c7a666e535dab67a9887b148af
- SHA1
  
  62b4a9597cc8764271f0162c6e103c00afffc393
- SHA256
  
  1a2be88ef16998f562bab3ec555c30d5c47d6d7c8394d97fabb928261a768246
- SHA512
  
  03178170433169f9f5d57ebfef803331958f44cdf0ec58f28d70dfb3343c452bec5c641af487737dc066d4d837ba888b8e70cdf7eb1469f99d9ced1cc23f7617
- SSDEEP
  
  384:T1X/1ocy4O4lbGa3MvhpN5YWMLTe0sVlObz6r0sZgfU1xCejiw:h1ocy4NEacJpN+WmTeFebz6r0sZWuxPF
Score

10^/10

stealc vidar 635b5ceb8ed09951eb8d5e776815ad72 credential_access discovery phishing stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcvidar635b5ceb8ed09951eb8d5e776815ad72credential_accessdiscoveryphishingstealer

© 2018-2024

Terms | Privacy