stealc | fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf | Triage

Submit
Reports

Overview

overview

Static

static

3

TikTokDesktop18.exe

windows7-x64

8

TikTokDesktop18.exe

windows10-2004-x64

Sharing

General

Target

TikTokDesktop18.exe
Size

17.9MB
Sample

241130-1h7hvszrdj
MD5

81f6b6fe3201c3941bd49243c5896811
SHA1

8bd0d5bb78255fc9f2dcf70fde14dba16c66551c
SHA256

fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf
SHA512

f3d22c84fb70a2c851f533037b74c45248b9074aa3042371672c89c3ee5229bbdbbc193e54840adbc5f17672430fbbc0b94dd12c8014f3a3ec93fece24e54d4f
SSDEEP

393216:7bbTRUBXu2+WlsaxtBXu2+WlsaxtBXu2+WlsaxtBXu2+Wlsax:7PKBX4mtfBX4mtfBX4mtfBX4mt

Score

10^/10

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TikTokDesktop18.exe

Resource

win7-20240729-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

TikTokDesktop18.exe

Resource

win10v2004-20241007-en

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11.8

Botnet

41d35cbb974bc2d1287dcd4381b4a2a8

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  TikTokDesktop18.exe
- Size
  
  17.9MB
- MD5
  
  81f6b6fe3201c3941bd49243c5896811
- SHA1
  
  8bd0d5bb78255fc9f2dcf70fde14dba16c66551c
- SHA256
  
  fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf
- SHA512
  
  f3d22c84fb70a2c851f533037b74c45248b9074aa3042371672c89c3ee5229bbdbbc193e54840adbc5f17672430fbbc0b94dd12c8014f3a3ec93fece24e54d4f
- SSDEEP
  
  393216:7bbTRUBXu2+WlsaxtBXu2+WlsaxtBXu2+WlsaxtBXu2+Wlsax:7PKBX4mtfBX4mtfBX4mtfBX4mt
Score

10^/10

discovery execution stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

stealcvidar41d35cbb974bc2d1287dcd4381b4a2a8discoveryexecutionstealer

© 2018-2024

Terms | Privacy