stealc

Sharing

Copy URL

Twitter E-mail

General

Target

Setup_Pswd_1234.rar
Size

22.1MB
Sample

240630-2ejs3a1cpj
MD5

f4a8a5bf7741f1596d91892eb082eae8
SHA1

5f79b8b7c7e5075505b69ee43d337df5b701c445
SHA256

b51105615d31ef7388b9ffbf670133cb173d1e7a7100bfef0b93e2b6e58b9142
SHA512

33763fb9ab784152831eb3e28c32986e4fc425132ebdfd5c68c796e8905899b8abc3f2d95c57a7cee5bc7b68a086c916fa82831572de03fb75c7f4c03cde8ad6
SSDEEP

393216:u4gMVQjdQM2hN5cubJ4NOPnlYRxtIkZT2Pvf5dXQtik0T2v94z9RU6i3Hv9:DVCYhN3J4NOPlYdY5dAIj7UD3Hv9

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  Licenses/1049/EntityFrameworkDesignerForVisualStudio2012.rtf
- Size
  
  37KB
- MD5
  
  aebed4e9ffebd6d94e4d2f147339b542
- SHA1
  
  192168b8f57c8243b20971480d0276ba6463367c
- SHA256
  
  4a222073413cd8fcca970c9a60038dfb87747dc50a05e69a5332a8d9b0df7300
- SHA512
  
  26f1708f2515515dfecc0d4bb1e8732c68211458e72eb8409a63ec0da363f4050c93bb884c7e5036d58e7dbe8b1ef5c0bdb9b5c100b1c50b11cf19055473e7ff
- SSDEEP
  
  384:USETlVTdFy05H+wIwHpMFUENE7ajfQaLITavfvzyszpe0K8k13DiCeohN7Uii6s/:M/B8Y+/wHh7zaLB7DUejk+/d
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Licenses/1049/ReportViewerAddOnForVisualStudio2012.rtf
- Size
  
  16KB
- MD5
  
  aaf0f66072b4190b7dd8be5ba0eff7ae
- SHA1
  
  5e3eec90c3b4db2b33e6d798a7b92294bae7c15c
- SHA256
  
  f38ffa3737d6bc0bc62e26879f56913c75d0108531f1fc7fdd5026b018e2a8c6
- SHA512
  
  a9c6dd06f0312d7226b6ce6849cfef7f533e1e4e1826a016c0ff7e40d63628d424fa84b64ca15e1259adde945a16826ac64c1babd96c31a6decdbe9bd15d1659
- SSDEEP
  
  192:bfrtIuCAFXVacaFIaCXtMOd6DjNaORtxRpRNw+Y1YqKajyfMZgZja0gkpEGyesYH:XbCEoU8tvAVCEztAgW/IpSidBKeV2
Score

1^/10
behavioral2
- Target
  
  Licenses/1049/SQL08CLRtypes.rtf
- Size
  
  202KB
- MD5
  
  e4c46a10abc102a9467869dc3e3735da
- SHA1
  
  efe4f402c1fbac87a3e21c649d3977a8729f58c4
- SHA256
  
  fe2bab338b1006fee0f78d22b08cb0e82512ea4f688f444b0fa338d4b0e0fba5
- SHA512
  
  48256984fe2f5e32da2eb38b758eb12a7a3fe08861bca7ba6c279e156c52d69613e5a98ebe3583250ab6340ee24201dc903e7e6cfd52bdf4bf6734a3e0252846
- SSDEEP
  
  1536:tkyMNaalQWBIU80cvtcXZ1SJJ4RRJAoJPAzO3EmAOAKjI1RdMGZaj92VjJ:7MbRJAoJPAzO3EmAOAKjI1RdMGZaj92v
Score

1^/10
behavioral3
- Target
  
  Licenses/1049/SQLCmdLnUtils.rtf
- Size
  
  34KB
- MD5
  
  27f3d76b22cb7f572074d025f85f021a
- SHA1
  
  41eed1c4929472f6759d5a0cf81cbf2e899f478a
- SHA256
  
  1a27d91c40e96e84a68149413a3195e591de7bbd961128a94a618ad6326380b6
- SHA512
  
  121f470665e25f85604648b0a990d6f076301c1dd38d4527a6e3a39258cec9eb0e73abef1701c1e2dbf15a66f09e8deb5b2e09bf84d2563b6e2257750aa3ac0f
- SSDEEP
  
  768:f/J7np/ysZMV11pQ0eF5u2JKRTmrVeQW4zh+:pkmrkQW4zI
Score

1^/10
behavioral4
- Target
  
  Licenses/1049/SQLServerCompact.rtf
- Size
  
  38KB
- MD5
  
  a6c62155669f9220017f2e84dcff50f5
- SHA1
  
  2ffc64f5c1a7e276613927d040cef57bf9a3d9b3
- SHA256
  
  d521e19c1cf8f4a3d1e694cb63555277a02a0de0345c8ae077664ce9b07ea1f4
- SHA512
  
  473a348fa96fdd0495557fe54220224c10b9a21b2fd3898544e553307d0a64a152c3e84b61b1504a063b5824db0ae26192dbd81100124c18e90e5f593b81f808
- SSDEEP
  
  768:vEiER/HNuz7P/hnX/sZ3Wao/ozWF/UVl13sZBw4ROVPQOe8OoprWW:8i8uHNP1gYUnqTw4c1QOe8OopCW
Score

1^/10
behavioral5
- Target
  
  Licenses/1049/SQLServerDACFramework.rtf
- Size
  
  34KB
- MD5
  
  86cbba72f3bcbaa40db660f78a19db7a
- SHA1
  
  e2e710f35442d77dc0bc24938d2fda40c8c742bd
- SHA256
  
  eda696fc7db33cb04abce421aaa82d42c183a859750e0928d3ae89730a74ff01
- SHA512
  
  aeba78ba29aa569c63241d096570665df6b0df380a24c28b11bd5d999218ab57b6d7abffbdce0a0d38d7b78751000d3884b5747553c5e6486a3a1cbc8b6617c4
- SSDEEP
  
  768:i//7np/ysZMV11pQzF5ugjBRTmrVeQW4zh+:IpmrkQW4zI
Score

1^/10
behavioral6
- Target
  
  Licenses/1049/SQLServerDataTools.rtf
- Size
  
  149KB
- MD5
  
  09ad30853fe51bd9e66bfcbc2df1d1ad
- SHA1
  
  3461a9670f4887e6c84f63e45382ed7bfea397c4
- SHA256
  
  556af6aa652e317b1c6eb4a502d11f5280b0ed0ecd6b0f11d27685500c3aa404
- SHA512
  
  f4f890b7c1d1a4cd14a136f86a254927a98f5457e57bfbaecfc4eb00bcda0c9add683b0f5e53a94a927b07418e2aa79acc31e1736b9f5cb1b3cf637c75d48bc8
- SSDEEP
  
  1536:rP4r8QWvz3DeLrkQWKzKMoHvVT4eC69F8Q5e:ZHI
Score

1^/10
behavioral7
- Target
  
  Licenses/1049/SQLServerExpress.rtf
- Size
  
  38KB
- MD5
  
  2822a9a1c2b81b5cf78d255f61f0d2ff
- SHA1
  
  b3e288a1cfb11306835b735ae97d1fe3eb65b7cf
- SHA256
  
  cd6020e838ef9322d76fba426fe69504c1e721d2d847cbf6014a7d4c22d975b5
- SHA512
  
  5d1f813fdd4224327183de8d40edbf826c224bdd69116186e8a1d1a99216c11f51d3c55f8c8dc630292b7937719a0d0e0269a128c03264940b3245236eccf888
- SSDEEP
  
  768:mMkyRnXVLVHQd8A18IhKlHTA8TvR4rVMdPWnzc1:GyTV4rgPWnzy
Score

1^/10
behavioral8
- Target
  
  Licenses/1049/SQLServerExpress2008R2.rtf
- Size
  
  38KB
- MD5
  
  447999d085ea9b3ecea1fd63b7afaf79
- SHA1
  
  465f61f24cb829e3308d73da9dd32c7ffbb06b16
- SHA256
  
  c0088a569202fe81d1ce9c99dc12909e8866029ad4d925a333a4440ecac29bcd
- SHA512
  
  050944b836594a520bc725f8485ef8998e5e6a31d88f9ec057a3b04d0a07f4cc00189e14ed0539b5c1e4be62c764256b30581f305f882f21821b4607be597840
- SSDEEP
  
  768:HMkyRnXVLVHQd8A18IhKlHTb8TF4rVMdPWkzcG:/yT04rgPWkzh
Score

1^/10
behavioral9
- Target
  
  Licenses/1049/SQLServerLocalDB.rtf
- Size
  
  34KB
- MD5
  
  797e8703ced517fdfda176aa1d47a364
- SHA1
  
  d28b78b74e1a5df1d3163d0c8588bcd726c0ba1b
- SHA256
  
  5d2a702908c92d5806088f0218438d2e2ce0438dbb69e1b97d82c33ead742c32
- SHA512
  
  8552fddb5451fdd235cdbbdda0771a5fb7e5fd9208df9256dc4387fdbaf1d46a0297c2130ba9f0765701fc78ea979c7e1ace2138d6135a730ea090fdc4353b6b
- SSDEEP
  
  768:5/w7n5/OsZMV1DpQzF5ZcTPydDmrVmQW4zh+:mJmr8QW4zI
Score

1^/10
behavioral10
- Target
  
  Licenses/1049/SQLServerNativeCLI.rtf
- Size
  
  36KB
- MD5
  
  967260c6874be8065eaaf1e77c3e9aec
- SHA1
  
  f1635a1570ccb98c49971455c5f7a81a70ddb284
- SHA256
  
  5dbf184fc60f7dba8d1dc2bd6982436472858417767aa0a4b8db93c008139233
- SHA512
  
  7ecb38a13e1395bee006a78f138cd65d848e311872136630e6c71e99f5315a1184d3c921320e27d7139c6faa4babf8401be0929ef3d882c1a9d1ea87c44a2e4e
- SSDEEP
  
  768:y/J7n5/nsZMV1xpQDF5f7x8LdlmrVmQWYzh+:Obmr8QWYzI
Score

1^/10
behavioral11
- Target
  
  Licenses/1049/SQLServerSharedManagementObjects.rtf
- Size
  
  77KB
- MD5
  
  545c33b84d5ae00fd4ce3163f0423739
- SHA1
  
  158f8147f79babce76c9f148424a97860f4599a5
- SHA256
  
  7ae38f9b3ba998a1d425fbb615a8b813d94f03282b43c4035ec0d275ab0998ce
- SHA512
  
  554bb0c50d67e93b77e7abb1c6dc895a09a28dffdb910393e55cb7a092ebbf60c89367a30685c9b2ebbf292da6da20656e893eaea3bbe5a092203bebc8997775
- SSDEEP
  
  768:m07Pnb1uY+BFCxOjjBsycAw9a7Md4rVmQW7zWme7P8Y29FqoOjRBTYcr/7qyOlU:534r8QW7zS3
Score

1^/10
behavioral12
- Target
  
  Licenses/1049/SQLServerTSQLCompilerservice.rtf
- Size
  
  35KB
- MD5
  
  43466d16f1360d06142fd07fa731ceac
- SHA1
  
  2f808dc1713e453cf8417a65ccfadcc343ca44cf
- SHA256
  
  964e20127b9f881909aaa65e3f0691bbb8699793510300da0b8be854d92aedc5
- SHA512
  
  286738d701dfd31e98217c43339e1c03ff3d0b0539cf98f898f1bc04a283465f4ae6c4f555383157c6e817188b41a7a5724768f099f0c4e8857a9a93736e2db1
- SSDEEP
  
  768:X/J7n5/EsZMF1OpQ0eFXU7xOlZXC+mrVeQW4zh+:xWmrkQW4zI
Score

1^/10
behavioral13
- Target
  
  Licenses/1049/SQLServerTSQLlanguageservice.rtf
- Size
  
  35KB
- MD5
  
  9d6a4ddccdf55aef835b969e9dc896c9
- SHA1
  
  fd6ab03a2cc5c1b40f0c4f9ee606a37a639825d3
- SHA256
  
  62047be1fc0f19584845e5e2e151321fa3ffaf7e02ab88d60833142e2ed77051
- SHA512
  
  229af7a556575ae3b154d24a40e322adec00f397659341e22f2bedaec437781cc5b37b38eaffb14230f455681535f0d1a9e0cc97b08027be7ea3ab916d55149b
- SSDEEP
  
  768:a/+7n5/OslMV1xpQ0rFCD7x6yC+mrVeQW4zh+:57mrkQW4zI
Score

1^/10
behavioral14
- Target
  
  Licenses/1049/SQLServerTransact-SQLScriptDom.rtf
- Size
  
  35KB
- MD5
  
  590af30e40a85ad9c9795e90ce2cc7a6
- SHA1
  
  19296f4a72f73c27ec4dcd05405bab267e609ea7
- SHA256
  
  e4de7988720271c69797bde0305c8358f65b04d354bf1917eaf88a8253d5ddb7
- SHA512
  
  49532fe5559a5d621479fa0a009276d8012f7dec3da6b4da45843e177528ddbd64cff60914ddd2a122b6ed826f8c9f7111ae021082cf5a24d97cf1ed83842814
- SSDEEP
  
  768:U/47n5/EigiVdepQ0rFX37xOPQXClzmrVeQW4zh+:NLmrkQW4zI
Score

1^/10
behavioral15
- Target
  
  Licenses/1049/SysClrTypes_SQLServer.rtf
- Size
  
  35KB
- MD5
  
  33ce27520f4a92dee28fdd45ac763b34
- SHA1
  
  f22f9a261e8b19632aaa9b2555a737fb45934a27
- SHA256
  
  48250529bebb096c8f5b7cd1917fe7aaa670d781ff9d8e2482c4d2795eb44de5
- SHA512
  
  0af3e8fbdce2a2bc0136e37c8f840e0dc98d687b3904a0349a2256de30ca959e0cd6f4c916cd26ba7410af0ff2a21fe115df67a1eacc5d003a0c098add14f602
- SSDEEP
  
  768:X/47nuOsZMF1xpQ0eFXU7xOPmC+mrVeQW4zh+:QFmrkQW4zI
Score

1^/10
behavioral16
- Target
  
  Licenses/sdk_license.rtf
- Size
  
  60KB
- MD5
  
  f5e22a46bb7eb753232cd804d64b8fda
- SHA1
  
  edf5362134a3dd565d75ff076ca556ce5e317902
- SHA256
  
  970ba72d388edefa96cd05eadcfd25002f18040bf9267cabc243c1ff47ee2282
- SHA512
  
  4f1cc8cff30c297ffa0fd745546446821e2d729d45608e3760b8d7ae0b42198d5dda79f1ca579c20ebfd373898981ff4b2b7f29ecd0fbec02a569903d8deae67
- SSDEEP
  
  768:RtSg9Oxf3ZybsaXCL1v4VlsU9dDPu33znIINuCLeiO3HnIPWhYBvvv4g1+qideiZ:Rt5ef3XaXuQc4P7VNiXOKB3QQjyNi1O
Score

1^/10
behavioral17
- Target
  
  Licenses/sdk_third_party_notices.rtf
- Size
  
  60KB
- MD5
  
  111cfce947c70a8cfd05c5d3fbb04fe2
- SHA1
  
  e1ae3970c6f3f7feb2fc2f42fdb899e12709a5a4
- SHA256
  
  4d78ad682381dc3572b8dc12f11fc6ce571587fe3d5ea8caabe8ed1fc638c966
- SHA512
  
  80dac8bb2c24ddddfd23ef6ef76b60d2bf8f8184232462bcc4261bab3254e5520a34c353bc86eead0510669bd36bf529e1bfedf5b144d235d7700d799aab44b5
- SSDEEP
  
  1536:V7EpQ6FMA7JjYnCBBEBr9xdQPK+ucGaCcNYg53Z/f5MAd/3N4a78d/C1xn3qLe1n:VAppFMA7JjYnCBBEBr9xdQPK+ucGaCcn
Score

1^/10
behavioral18
- Target
  
  Setup.exe
- Size
  
  2.0MB
- MD5
  
  8fa393540a587e758138645fa689f390
- SHA1
  
  0214c205e0c1fc792c94235d221bccf2b6af5057
- SHA256
  
  452f779d72e74bbf249d92926e9b17cdcc2910bd214469f664947f797e4dc33f
- SHA512
  
  874862e022f11e90d308c307ef806b5b0d7077ea1a058541b0b7c7821b0d12a5e45ee1e045c75ae915a41d343b1c08480830718aa2b9c7b905e2d063f22831f6
- SSDEEP
  
  49152:KDjlabwz9wDjlabwz906mqnRYVd1AUyvKDGoEBs8Ya6:6qw2qwi6XnRYj1byCKoEBs8YZ
Score

10^/10

stealc vidar discovery spyware stealer themida vmprotect
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral19
- Target
  
  Team Tools/Dynamic Code Coverage Tools/CodeCoverageMessages.dll
- Size
  
  35KB
- MD5
  
  566dec71428a874d2443ed4bc73427e6
- SHA1
  
  2e6411c3a1d26e381bb428f2bb32e2fac9ebe4f8
- SHA256
  
  c9b0d5fcff5367c8ebcde542fd2f5660004354c904104f25d6c8f94359edaf13
- SHA512
  
  aa19c2dda8a93824f970b9e1e227e2ece57d892e510e9968b5f184923ce01e0568ef3de533facda64000a3dc4056bd2748a4e001c53754de337209211c06ac07
- SSDEEP
  
  384:pWgMWGPNAcOHm5XzjUC4lbLGkERPrSEExYRSatpdIoCTlqx491LHB0GftpBjU6Fy:twPCYiTZWi2h1H5UW
Score

1^/10
behavioral20
- Target
  
  Team Tools/Dynamic Code Coverage Tools/amd64/CodeCoverage.exe
- Size
  
  605KB
- MD5
  
  11922a715f64321a17df87086c066e2d
- SHA1
  
  d784d99b4a12cda825ae5fc0f512d786b843f8f3
- SHA256
  
  df3be72be588f2b532738f0e78ea853f79facfb8bb26d4e5882de3fe1481780a
- SHA512
  
  6035e3bf103783ae7f27e2a101e7f78f6ee498ac68b7fcbcb8b9bb0d483034c0980367078096e2fbfcefca96e438fbf19f7ed68967b9f292ce545b63e69b94a0
- SSDEEP
  
  12288:yMxi67r+QYvL/mPNWLehJFeLk0K3JbbJLfaOB/NjVWbFs8yK92:yMxi6/+QYvL/mlWLeAk0KNVWbJyK92
Score

1^/10
behavioral21
- Target
  
  Team Tools/Dynamic Code Coverage Tools/amd64/covrun64.dll
- Size
  
  1.2MB
- MD5
  
  da3dd91a69731813db624ab08c29d091
- SHA1
  
  3672a1c0a508a2ac4b1ba65a00157e14dea305f2
- SHA256
  
  5632955e1658221daeaa44757911d7c9d9edaf97c195018f76bdc8d3112dee47
- SHA512
  
  ac623cbc36e406975204c0ad21a03ab76c2fcae8d4d414d31fbda358fa18462c855b7db6a1363b78e147a7a04688d9a31db98bb6f9f02641770e99aec0fc4bd9
- SSDEEP
  
  24576:Fw18i5ybbMUv+rMFsUneRPJhF9+enKAKLo:L/ZeMcPJhF9+enJ
Score

1^/10
behavioral22
- Target
  
  Team Tools/Dynamic Code Coverage Tools/amd64/msdia110.dll
- Size
  
  1.0MB
- MD5
  
  24ac8872b2ce510e3b615e3a50059fdb
- SHA1
  
  d06915c57a24b2bc6f806b3d9b944742b9f161af
- SHA256
  
  1d5d4a3c0d149966835e3832ccf16bacdc0b4fa799e4cfab0c7852ead59e9d24
- SHA512
  
  9b62c352eac4fb1317fd1d6390c99bf88a64700651b9c37d95482a41f02c36bc587ff14bdef8223a1b1f178539e7bffd928da60de7a6b982e3831cb17e7b93de
- SSDEEP
  
  12288:agyupQeL8wx8XhiaMQUjEAdwATQessvmp5ukkgr5yeYcc5eFN1pxxVwHBNiERA:agyuGMzjEAdwAUpBkJeY15k1VwHBNiD
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral23
- Target
  
  Team Tools/Dynamic Code Coverage Tools/covrun32.dll
- Size
  
  806KB
- MD5
  
  274f61254be878e944c41b78af3dc2e1
- SHA1
  
  b864f63e4753458b8caa64cc8e554dbd07c8ff1c
- SHA256
  
  6c6b153584465b6756d33de82b0b51da75eec2c96373862ca5ca0412991a1c87
- SHA512
  
  a27daab85b00be27da0651b40b165d371942e59d02c0e5dfbae6512a260264f4f966af59770760244c2bb6d3923467ed1307008c01ccdbf1891506c663958339
- SSDEEP
  
  24576:pRtIpJbYtjeoOufeFibRcJUDL1m2+QYTeMQII:9IpJbYdzBDL1m2+QYTeMQII
Score

1^/10
behavioral24
- Target
  
  Team Tools/Dynamic Code Coverage Tools/msdia110.dll
- Size
  
  868KB
- MD5
  
  3c2c91154546602b70c82069d31bee7e
- SHA1
  
  cb0067ebc8a6ef8f5b3d8eb7ef91a24d262af04d
- SHA256
  
  3170c85159f32ffc93edb752b34003859904da64e2e4da54e9fa03e1142bb7d7
- SHA512
  
  ceabec5f60dc1e3d423eeb0ad069104f668982460baa5845728cf6fd4f7322c6095f74550fbdc7da9a754db400602274b6a9cf0399f5071de1fdb047a1e3bddb
- SSDEEP
  
  12288:hch7L05KLSukOtyAX841kLTU291YXGYug6ouBR620oG5h7BAEdR:hwhIW84mL07FoutA
Score

1^/10
behavioral25
- Target
  
  Team Tools/Dynamic Code Coverage Tools/ru/CodeCoverageMessages.dll
- Size
  
  37KB
- MD5
  
  cd9c322edc56fe295f7ba3d905d7d7ec
- SHA1
  
  d8004eb26bebc179ec1d83d7bd53bbdc0bd32bf8
- SHA256
  
  52e02bba88b4e12f50d31016518053b6bc76ce852de220a35c91919fb22e13fc
- SHA512
  
  834fc68cfcabcdf3c4358a6f0098e501e618780247eae8f5809e4494731194019a113308b9cbdb4f74d7ee4fdecc1d6eb7f5bad8bfa41b8086d833f4dee6b552
- SSDEEP
  
  384:/5/0qBxW7rsYJEFBoEUIsK0sTi1OWQaAtMW/1LHB0GftpBjsFIMFtAHRN7NelR8Z:/NfxWEBoJMDWiqGLNYhxm
Score

1^/10
behavioral26
- Target
  
  Team Tools/Performance Tools/1049/TSDevPkgUI.dll
- Size
  
  28KB
- MD5
  
  14f531bbf1dfc33cbb76f3e2329a315f
- SHA1
  
  10249cc0d999f87f861a5fa024b3c861237357f3
- SHA256
  
  1fdd495b1d08858982479fa87f8a3bebab780849886b9902637684ac1e1af002
- SHA512
  
  56e6de7aa132f98824731f9ca36b661d1ba73348ee8238795496ddd629cdc7f8c7eb63cf49e5ece88b11810269dd5bba928f1e4ef5ce53bc5735018355edcf0f
- SSDEEP
  
  384:Nm1mXWv1k440GftpBjy9BFtAHRN7J8PlEB0/5:NmYIDipJhe5
Score

1^/10
behavioral27
- Target
  
  Team Tools/Performance Tools/1049/perfpkgui.dll
- Size
  
  119KB
- MD5
  
  3032869f2692f9e13629a2026775b479
- SHA1
  
  4307e1b257e28592d9287103d991fb3da3acf8f9
- SHA256
  
  ad6be0c8ad23961b8b3824cd66db0d5c828827b148f82e92ad12f1b692ca6322
- SHA512
  
  cf5a32ef1b29205765509c64cd2ed96b38b42525ccb4bcc194425ac516ebd9ea7859ac7491e474fdcee2dbd46495e1f4c4306bab31cb2fdb38ec97f28e2d0992
- SSDEEP
  
  768:hFJPucMum7yLgigKgRUM00wmuK6m7HhLYasi9Mhx5:hFJWcXs5RXJQ0MX5
Score

1^/10
behavioral28
- Target
  
  Team Tools/Performance Tools/1049/vsinstrui.dll
- Size
  
  69KB
- MD5
  
  42c2d411ec34cbb32ee1140228187c81
- SHA1
  
  39269a066b83c5eebb4428375ef16d5850209e24
- SHA256
  
  9c5d2602ce9947dbb0aad2a2e878a72938b2e701b26d5542621121f028c96e68
- SHA512
  
  4bef11c45a6c7d28b0294cbe46f00884401c46206e17b00da0b5b8c7af12ee8f3754710148ebeff390e79222782b78f6106c88c5c122c76e62db424d1574fa28
- SSDEEP
  
  768:Rde23M4R4eDn3DWFR3MG9zNc8BMr/PMvJ8B5wiQYolG7WiCkWq+:RIlb9zNbm4Cw77Pvbq+
Score

1^/10
behavioral29
- Target
  
  Team Tools/Performance Tools/1049/vspmsgui.dll
- Size
  
  123KB
- MD5
  
  297274dfc039e9c9efb8fc1a39753585
- SHA1
  
  65cd7f915966cd260c7d3e913b580934e4a9bc29
- SHA256
  
  e7aa5723e9596a06bedf1ca402becdd3033cbdb4395b97172e9d7fd4001956b0
- SHA512
  
  fee20c2b8a67ee2010cbd225bb7383b497678f34829e317e029213d0a612963ff73728da1d070a1c11b8a44135dd4f97768e112d0ec957991a83a60565b68f1b
- SSDEEP
  
  768:Gjv0rUArazWNu++a8dgLuMZ/GlkR0yEcRv4wfjQjCDjxul8OVV/Li6yWIpY1dLWM:CpfwfMuDtuTO6/1diVFI
Score

1^/10
behavioral30
- Target
  
  Team Tools/Performance Tools/KernelTraceControl.dll
- Size
  
  180KB
- MD5
  
  7609229e1a8adcac0aa6cfb6db618f87
- SHA1
  
  601ab37c5d0d7946b83d86f7b7e20617a41af63b
- SHA256
  
  31d7dad4b7ec122d0ca50b6e4c97ad47ae64b093a6d63ce2ea92f5467e099226
- SHA512
  
  1466f652a8ddccdac97893364466a95d5f81715302f7d567740d500bdbe433deb688803c6daa05fe04f0c42c0cc0e3497ae0a642642fcdc97eec033537c3c3e7
- SSDEEP
  
  3072:lJTIa03rCNOLYNc1bxfYLZW6epRIMBVDPETDi1vxlw2vmi9o:l2eNOLYq1bAZWNLJsgjvmi9o
Score

1^/10
behavioral31
- Target
  
  Team Tools/Performance Tools/Microsoft.VisualStudio.Enterprise.AspNetHelper.dll
- Size
  
  98KB
- MD5
  
  6e1a8946ea119aac63229ed11596701e
- SHA1
  
  7a60fb04270b2eb2877a7ff1176aad03a1895560
- SHA256
  
  b90343962ac631903f281bee58e1f350203691962a661a0fbaca2660c4dad562
- SHA512
  
  208168207ecfdacc668a8c6ec2fa437fe7a570c41f7d2ba6927ec47e180f4d186f398bdbc438b04109144c4c6b486df5a0076216150ad86b10207ae7305ca9d2
- SSDEEP
  
  1536:xJ5COh+mJKMBkDByUEIKc+BCnosoEgsF9o5YWPjmyQdbTXu9Z:XOWKMBzYXosbgU9o5YWPjmysbTe9Z
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Legitimate hosting services abused for malware hosting/C2

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Executes dropped EXE

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Themida packer

VMProtect packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32