stealc | 4b56d0417179ae596a8a85bc773f8c124b50d5186a6f13305c87c767b5f32b98 | Triage

Submit
Reports

Overview

overview

Static

static

3

fa4f1c0b32...af.exe

windows7-x64

8

fa4f1c0b32...af.exe

windows10-2004-x64

Sharing

General

Target

81f6b6fe3201c3941bd49243c5896811.bin
Size

17.8MB
Sample

241202-bykxcssme1
MD5

a6a0c8e5156d472a53ad6b530063b7c1
SHA1

8f4f4742e582a641d5c3c67e621faeea465de15b
SHA256

4b56d0417179ae596a8a85bc773f8c124b50d5186a6f13305c87c767b5f32b98
SHA512

e94752f8a724a16bd65633305ad8aec1ff4ca38e163f861b0eed9d644240a03bbb14a96b683d5f18c33dd301a45bc8832d3242181031252c4b58a6b68e560d20
SSDEEP

393216:EF/hF48uRByZm2wEZpMXuf8DsbTYcO8NXsi01:MZ28G+m8ZsL8NX2

Score

10^/10

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf.exe

Resource

win7-20241010-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf.exe

Resource

win10v2004-20241007-en

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

11.8

Botnet

41d35cbb974bc2d1287dcd4381b4a2a8

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

- Target
  
  fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf.exe
- Size
  
  17.9MB
- MD5
  
  81f6b6fe3201c3941bd49243c5896811
- SHA1
  
  8bd0d5bb78255fc9f2dcf70fde14dba16c66551c
- SHA256
  
  fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf
- SHA512
  
  f3d22c84fb70a2c851f533037b74c45248b9074aa3042371672c89c3ee5229bbdbbc193e54840adbc5f17672430fbbc0b94dd12c8014f3a3ec93fece24e54d4f
- SSDEEP
  
  393216:7bbTRUBXu2+WlsaxtBXu2+WlsaxtBXu2+WlsaxtBXu2+Wlsax:7PKBX4mtfBX4mtfBX4mtfBX4mt
Score

10^/10

discovery execution stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

stealcvidar41d35cbb974bc2d1287dcd4381b4a2a8discoveryexecutionstealer

© 2018-2024

Terms | Privacy