stealc | d688113f745fbdea695db3f1c441431617fd6e07dba111d61c24126c0b0314a4 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-1703-x64

Setup.exe

windows10-2004-x64

Setup.exe

windows11-21h2-x64

Setup.exe

android-9-x86

Setup.exe

android-10-x64

Setup.exe

android-11-x64

Setup.exe

macos-10.15-amd64

1

Setup.exe

ubuntu-18.04-amd64

Setup.exe

debian-9-armhf

Setup.exe

debian-9-mips

Setup.exe

debian-9-mipsel

Sharing

General

Target

Setup.zip
Size

22.9MB
Sample

240629-dcnr8szane
MD5

e1f55747103934ef5573148034a58eb2
SHA1

b0e417041f70c3b025b40bd5f78d329c6c322d81
SHA256

d688113f745fbdea695db3f1c441431617fd6e07dba111d61c24126c0b0314a4
SHA512

5ac7e5680d6cea9094d25b678133ed595bfe9bec75752e0513ac161f9d7ab50627eb318a7b52ff585ba914fa1689400641113c78ea9c0b4fd886cd9a9e6ef759
SSDEEP

393216:cwxNGM8CmiC0/BhMgKoz2a4kc4iocKFVIkWji+GjzEB6eng0MheLivPlpre4GDnY:cwxN3oizwcwocKFyW+EEB6eg00eGy0

Score

10^/10

stealc vidar bd7a7ef85507e39998176b88b253bdb9 android discovery linux macos persistence privilege_escalation spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240508-en

stealc vidar bd7a7ef85507e39998176b88b253bdb9 persistence privilege_escalation stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10-20240404-en

stealc vidar bd7a7ef85507e39998176b88b253bdb9 discovery persistence privilege_escalation spyware stealer

windows10-1703-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

Setup.exe

Resource

win10v2004-20240611-en

stealc vidar bd7a7ef85507e39998176b88b253bdb9 discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral4

Sample

Setup.exe

Resource

win11-20240508-en

stealc vidar bd7a7ef85507e39998176b88b253bdb9 discovery persistence privilege_escalation spyware stealer

windows11-21h2-x64

14 signatures

150 seconds

Behavioral task

behavioral5

Sample

Setup.exe

Resource

android-x86-arm-20240624-en

android-9-x86

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Setup.exe

Resource

android-x64-20240624-en

android-10-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Setup.exe

Resource

android-x64-arm64-20240624-en

android-11-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Setup.exe

Resource

macos-20240611-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Setup.exe

Resource

ubuntu1804-amd64-20240611-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Setup.exe

Resource

debian9-armhf-20240418-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Setup.exe

Resource

debian9-mipsbe-20240418-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Setup.exe

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

0 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Extracted

Family

vidar

Version

10.1

Botnet

bd7a7ef85507e39998176b88b253bdb9

C2

https://t.me/memve4erin

https://steamcommunity.com/profiles/76561199699680841

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  Setup.exe
- Size
  
  707.9MB
- MD5
  
  b25431a1b7b821eef6f77698c18fabb7
- SHA1
  
  8986dac902bc4827925550dab54d522c9d508d50
- SHA256
  
  b81deb9f7a113389c170b54921cd8ec33216e7819b91b3a413e2ee79ad592434
- SHA512
  
  474e6f1ad5eb02557f3046e6f23f176bca72248617a2b6c4b9378ac18b72e32175a8976e3e8d106c454d12b946e920aa1048e374b701c218f87df1d335d15f27
- SSDEEP
  
  196608:P/tv60Dx802nynypt/G0o55XGyPkqPVGEt3eaie54JngocFYKAAPIVelZ3wTVCZU:tBx802nygh6WwZjeaF549X
Score

10^/10

stealc vidar bd7a7ef85507e39998176b88b253bdb9 persistence privilege_escalation stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral10 behavioral11 behavioral12 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidarbd7a7ef85507e39998176b88b253bdb9persistenceprivilege_escalationstealer

behavioral2

stealcvidarbd7a7ef85507e39998176b88b253bdb9discoverypersistenceprivilege_escalationspywarestealer

behavioral3

stealcvidarbd7a7ef85507e39998176b88b253bdb9discoverypersistenceprivilege_escalationspywarestealer

behavioral4

stealcvidarbd7a7ef85507e39998176b88b253bdb9discoverypersistenceprivilege_escalationspywarestealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

© 2018-2024

Terms | Privacy