stealc

Sharing

Copy URL

Twitter E-mail

General

Target

2add711ca974a123872d33093f032579d664931674453ca52cf368db38cd9232
Size

2.2MB
Sample

240630-18cfea1app
MD5

6ebb6ce93430a786285ccf8ae2eb0a98
SHA1

7d870ff876b1d62242536b782bb0b9df03884f20
SHA256

2add711ca974a123872d33093f032579d664931674453ca52cf368db38cd9232
SHA512

078c2be2a994d1b382b360b6c30c2741c8c5d1357f21ae12b885d8ae067f968407d6038d5f798ea500af0556ac97add18b293c453d74084e5da5b82ed2afe354
SSDEEP

24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXXeU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPd21tuuIeNHYGY0LzjsJxK

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  2add711ca974a123872d33093f032579d664931674453ca52cf368db38cd9232
- Size
  
  2.2MB
- MD5
  
  6ebb6ce93430a786285ccf8ae2eb0a98
- SHA1
  
  7d870ff876b1d62242536b782bb0b9df03884f20
- SHA256
  
  2add711ca974a123872d33093f032579d664931674453ca52cf368db38cd9232
- SHA512
  
  078c2be2a994d1b382b360b6c30c2741c8c5d1357f21ae12b885d8ae067f968407d6038d5f798ea500af0556ac97add18b293c453d74084e5da5b82ed2afe354
- SSDEEP
  
  24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXXeU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPd21tuuIeNHYGY0LzjsJxK
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2