stealc | dc154a3e2e3a5937a626a3b2456a95a1265d064a3e7c612ee809990783703367 | Triage

Submit
Reports

Overview

overview

Static

static

baf217d7bb...ce.exe

windows7-x64

baf217d7bb...ce.exe

windows10-2004-x64

Sharing

General

Target

0a7b3454fdad8431bd3523648c915665.bin
Size

149KB
Sample

241202-bc5dwawmfq
MD5

8edd53c4ca6515334ea88224f9d0e992
SHA1

b84146ff89c5a6f5b7d215f3802991f2403fc74b
SHA256

dc154a3e2e3a5937a626a3b2456a95a1265d064a3e7c612ee809990783703367
SHA512

09ee64ae59a1745433a89a9fd5ec74a0e4d3c7f3781b472c463b3c2914ae476f37d41f10a7852693de1c637f5df77b041a946454954101161f90c01d1ac5fbae
SSDEEP

3072:TGjri+poHs16DmmOs00ETv2rMGk42cgFv+HVd09la1cbdq:Cj2+uyNCgv2rMGkp9+HVdQbdq

Score

10^/10

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery stealer

Static task

static1

stealer 41d35cbb974bc2d1287dcd4381b4a2a8 vidar stealc

4 signatures

Behavioral task

behavioral1

Sample

baf217d7bb8f3a86856def6891638318a94ed5d7082149d4dd4cb755d90d86ce.exe

Resource

win7-20240903-en

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

baf217d7bb8f3a86856def6891638318a94ed5d7082149d4dd4cb755d90d86ce.exe

Resource

win10v2004-20241007-en

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11.8

Botnet

41d35cbb974bc2d1287dcd4381b4a2a8

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  baf217d7bb8f3a86856def6891638318a94ed5d7082149d4dd4cb755d90d86ce.exe
- Size
  
  275KB
- MD5
  
  0a7b3454fdad8431bd3523648c915665
- SHA1
  
  800a97a7c1a92a92cac76afc1fe5349895ee5287
- SHA256
  
  baf217d7bb8f3a86856def6891638318a94ed5d7082149d4dd4cb755d90d86ce
- SHA512
  
  020e45eaeee083d6739155d9a821ab54dd07f1320b8efb73871ee5d29188122fdbb7d39b34a8b3694a8b0c08ae1801ec370e40ff8d837c9190a72905f26baff9
- SSDEEP
  
  6144:vh0ZpFC4sffny7TuLBdZlT4DIJYdy3g8ioyrN:vh0ZpFCfB3TGyYy3biBZ
Score

10^/10

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealer41d35cbb974bc2d1287dcd4381b4a2a8vidarstealc

behavioral1

stealcvidar41d35cbb974bc2d1287dcd4381b4a2a8discoverystealer

behavioral2

stealcvidar41d35cbb974bc2d1287dcd4381b4a2a8discoverystealer

© 2018-2024

Terms | Privacy