stealc | 0864ab62c90ac7ed596c5bd30a5caa28565b3de2a95c47d5e5bef1b631336092 | Triage

Sharing

General

Target

369812c4fe963a18df71a48606a5180a.bin
Size

22.0MB
Sample

240630-b462savgql
MD5

c9b8b7a85a782cc69ab20ccdbfb94c3b
SHA1

7a2fe1127b72784d352dad6af1a1cfa154d17fd6
SHA256

0864ab62c90ac7ed596c5bd30a5caa28565b3de2a95c47d5e5bef1b631336092
SHA512

ece81f96f64a0a6ab974330471ab92a5629b325c15c37932a5c6ef671850bd35083fc40ddf175c964bd844d0ce2e03ff3902114a85df63c4fc33e266b9f17db2
SSDEEP

393216:evkDzHi2oK3oledvQJ8Q475M69k79t25kWJKbYIghwmF3JFzHpbxWE4:6kDzC2h4lCvQui/X25jThwOntF4

Score

10^/10

stealc vidar discovery execution spyware stealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/Setup.exe
- Size
  
  656.8MB
- MD5
  
  a16936abeb9abc4945d6fdd76ecec729
- SHA1
  
  a74de976ce3af1db488626afe9796f7f13add504
- SHA256
  
  b2300fcaa158d08f4980f4cfe7373848256bd4918384a18e3c32b464add812a7
- SHA512
  
  d03704bef171f7815765fb527fa7c1103fdfbdfeaad22eb09b0af893ff1adec9455e7c6629946846be1924e12ac5213f7f467abf0a7276522bccfac3d25f8f44
- SSDEEP
  
  196608:doeohPRS9UUoFG2z4wThcbwNq1Af8YOdN6ZLAM4/tS9yS:doeoRao/
Score

10^/10

stealc vidar stealer discovery spyware
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~00299a408.js
- Size
  
  609KB
- MD5
  
  be9e2a3ebb4ee556764829e8eefb5a91
- SHA1
  
  70db765a74ee9da498fcaa249ecde81e5e7bc767
- SHA256
  
  76f03b849861ea77751d1ad402d5972c43f5d18b1208fccf9ade3622e2d2defc
- SHA512
  
  42f688a542d4e4352005c8ebefc5fabfa031a6826dc6982af9548c6299727e6020daade43e09afbf5635af7ed70c67cb39f9b07499f3c62b1a0f3cc9c7659731
- SSDEEP
  
  6144:+xNl2sveefznMvtASMJAhOtT521/koRUzpVZyr0NLWSMWVf:RWMrsAhOtIcoyjdVf
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~05c32d390.js
- Size
  
  119KB
- MD5
  
  694edfc6d2b825d3cd5adbc6984736b5
- SHA1
  
  49e0e7207504fde07060e9cd88e1ac22f33f9a75
- SHA256
  
  9deff6a71d2407fdef4cba6e5a2eb3fa933cfbd86ab16c2a04f4ecc1a0f98f86
- SHA512
  
  59324bf06982a8b2993693bcdecb51f0bc69ce83349ab16632e6c3ee24705a0fedc9cb5c960ef834cf1dab4129f59fe8f437d36a7e305a59b1fd0435320c337f
- SSDEEP
  
  3072:4ZlrgpAgy/Z2XdBr+CmcR3lOImTTI+NXEN4p:4Zlrgpzy/Z2XdBr+CmcR3lOImTTI+FEq
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~074e593a7.js
- Size
  
  93KB
- MD5
  
  c706c79bc9a4902c1a77e17d4d1b2870
- SHA1
  
  8b394b8555db3f7885fa0b97218e6d7f7ac4bf09
- SHA256
  
  3421fac45d10a64f9d72d007ec855293f6bd6d260d188395c9308882f6f91429
- SHA512
  
  4a0f1c2379083a67ed48121e87f9f8988f3ada1464774563fed8b6b2d5d359673a8b8802157770d35749f55174bb6f3a1445506f97798b03e89a9a1c94612f16
- SSDEEP
  
  1536:xK9lJjkpZFqOGkO95oMG2fQhgl9gmfasiXum31oxziQjJFRm:xSjkpZFqOGkO9CMG3hgl9gmf6Xum31o+
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~114e7a4e2.js
- Size
  
  91KB
- MD5
  
  58ef8a2c7f9c6e726d740f43bd7e1c81
- SHA1
  
  839f15576926fc342b712e6e52d01264d1afd89c
- SHA256
  
  c21595745a4dea4c46c4fef48fdf4cb51818c4b21a870ea81f12af19d978218a
- SHA512
  
  aa2ba8d650829b455fff4d6f1fb3266674a03a8a907e157caf17b06298c4308786092b7f8524173d5ca935d5bc3519ddf1b9a27a965ed1447b02604f242cb128
- SSDEEP
  
  1536:LEFubCk23gBto6Pb57kc39+5d9p67BJf9hu7Mi0T40KAC:3bCk23gBtoM+5di7BJf9h0Mi0T4SC
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~11d764003.js
- Size
  
  100KB
- MD5
  
  f2b1a6662b86963eee05f883051025ea
- SHA1
  
  93f04f6a89edd3d88826e4c1bf9c1f473b0ad0ea
- SHA256
  
  f7d45ebb733577be42a04791fb34230f996eed55e0520a05ae917a0c0895dba2
- SHA512
  
  e4b67e5add9c4738696e5aeb382e37a53bdf34ad03ce07c46fe588f2d8d76d919df9badcaea78ab632ce42707fadcf87698f06b3c5511d8a5f5a50048f1229b5
- SSDEEP
  
  1536:CDbhZtceod+5VV+PT69kAgUhl48kMCFEwHU6X6lw74y:E/od+3V+PT69kAgx8mFLP6lW
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~13bdaad06.js
- Size
  
  92KB
- MD5
  
  0b7512ee85cdf828ea62d3a840257372
- SHA1
  
  c7a0074a8d6ba9d1530dfa8f1156892b0d97570e
- SHA256
  
  3de5135e14e66b1446187903ac4e0a20a7cf7b4eda85d87e95cd8ddbb9933d34
- SHA512
  
  f40b2878481544bcba57b187ae928c8ff9b1c7753f574d9450d7b0928bf6be43f7472bbdca45b1e42163a62146f991b1f4a6357d5b427e929a0721f1617ae809
- SSDEEP
  
  1536:a6C3/VVQYEHCy23quSi7wZYoSYQOYO1WE8RXCQRuqo0:ieCy23quSi7MSYWqqh
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~1e47f672e.js
- Size
  
  84KB
- MD5
  
  2b73f264be2cc723a3d4fe7ebef2b49b
- SHA1
  
  0a2709b2aafcb3eb4676a3a35a4da61c37cb6825
- SHA256
  
  27d16a57e9c4b37c792c1c71f15ef8d30e51cdd0bfea68c36c11774c935a338f
- SHA512
  
  8f7a509bee4d93f2a40f7e545e1f5f914141c659196126d15ef728d7d2920432fb5eef859ea99f6a661370277299d11fa70406b85ac485c047ca34e37af79733
- SSDEEP
  
  1536:hLO4iNVcWTzOaKzRgw1Ieo7MMlKyymm4Edl8ufQ:NONnTzOaKzRgw1IeoIMlKylmNdCufQ
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~2dcc5aaf7.js
- Size
  
  3.1MB
- MD5
  
  f4e1f667c9315733b4d78ce18c10b0b2
- SHA1
  
  acc133fedc52be0e6e5b2ee1ecb9bef7609e8d87
- SHA256
  
  13d2bc9a0ee3c093471e2a8296d04ba13b339583780e952f0105f957ff434ebf
- SHA512
  
  4be019d9c8b2d2008c43b3bc9969bf53254000ea131ffcf643a244aeb906c3c1b3b70bc85af84b1ab8b59e0cdf777ecd112f732054ab7ade7358ecfd16abf7dd
- SSDEEP
  
  49152:EITYfKkVRcLUh2qDrekqXBSaQkIux2OPZsLCbSBpNBUhuAt5IAklSeeu3aCnumFE:eK+baQkIux2OPZsLCby3UhuAt5IAklSF
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~32b5733f1.js
- Size
  
  88KB
- MD5
  
  65a165e8b9e58e8233675361497df6a1
- SHA1
  
  32c33b3c89bb8392c0338291c027eb7c2038042e
- SHA256
  
  768f9bf3834a231f5c3235c199090ac5818ed14467bf1785726241727f16f8ef
- SHA512
  
  b5a999d91ad9683499052cb004b8bde16bbf84f57f3a04890f57ef58f2b26d2f8042097f020afdd15980538c2eca4ae7a958bce61b952c49c1916f27d1702ab4
- SSDEEP
  
  1536:MsRqQoWwhlvrWFtS+wedDc3M8h8wMbADhOu+hA83Q69R2U:wDrWFt7wedDc3M8h8wMbAdOuI93vRx
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~3fde5681b.js
- Size
  
  81KB
- MD5
  
  3e85af4bc90e41fde3263ed667f1fa07
- SHA1
  
  854dbf7a2c072fe4f61eb99b5ff57f6a9cb350d2
- SHA256
  
  e6f21a488920d05da7e1b69aacf479efa6a750250991ee958a301b9591e54f7d
- SHA512
  
  7e34d1ecb6678721581bd6c17eb6d1bf19213282b6d168b4e93c4ff6a104f388367ae7916c7af31423b68647e41b5ebbfaa21e346f13580e83d30a1ad4aeb054
- SSDEEP
  
  768:Ufdg3ft4tBPRy8Ac41Ky25dzG3bB+dVZZb1IpRaW9XSqwP/2EHrGNn9faaL:Sgvit/y8Ac41KyxMVZ00A4aL
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~4611591fd.js
- Size
  
  87KB
- MD5
  
  9e7978f6fd4a46830fac5a6a08ebd916
- SHA1
  
  2a753b5fc826cc45129f37fb0f0959d1fa2de25c
- SHA256
  
  b1b1edfa0ebf9602407b94e19dc316a4046d7bfa79c9b13297139d795c40c5a1
- SHA512
  
  776bfb9d07deffc647dd3b27e486048d2751ef4f2c49a76fb0df410ca4204ccd3c050e73c0002fa0288ca53cfaaea92e5a9dfe30dfcbbad6ed3ebb0c51baa744
- SSDEEP
  
  1536:a4ELrmtac7YaQ4QMg01HF6GO244q61j4AOwOcxS78PTPLe+GsSvg:apmtaqYaQ4Qz01HF6GO244q6R4WOcxSY
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~4bfd2d106.js
- Size
  
  92KB
- MD5
  
  838ce83b60c1cef1d1ccbcc60a10284f
- SHA1
  
  8ef8e256cbccc8351c9f51fdd3d0451277f84a5b
- SHA256
  
  476f1fb80bdba91ab7347b2aa952919930851c106feb72d2eb2d4c17e2d77db5
- SHA512
  
  fb795839378434f0aa02cd30e773e86fc145615643f3096cac7ffb1d8bc9c3a0cf9f3aa279770967c2c8b9b7bde018fb906b89d9a50fc25894b3994c19bc0144
- SSDEEP
  
  768:uJeCCpClCnasUsgFLCH7CCssXEEpbRcPJcfW0g3Cc7++qvlb6RR4P+C0nyd/vgpV:uebRjm3Cc7++qv8ck+/YQXJWbQDS
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~5303f55e9.js
- Size
  
  85KB
- MD5
  
  eaf6877c4cbbfae85525d00ec07238bd
- SHA1
  
  aaea4838d834fac29c0d143b5ae8df42c597a253
- SHA256
  
  e86a2bfdf8726a9a50acdd3a4b6869c733c6d292da8f25ac4399d9469e1ee0d7
- SHA512
  
  3c4a42e5a86f692486dfcc9492cc0a8c52fcc091ab52d034796f88aa364237329d9abba405c9382a8207985905838fc439d36dcf70e919933d22fc4b33eccfa8
- SSDEEP
  
  1536:P9+Uc5+hWqHWXTvBYt/m6zPd+DhBr7BWDgwO2:tc5+hWqHWTBYM6EggT2
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~57063afaa.js
- Size
  
  90KB
- MD5
  
  a049f3c0ad187ed9532f5939a9080ac0
- SHA1
  
  46ee2a61fad48ad5a107dbc55e5f49bd052b6764
- SHA256
  
  3e6d44d5174bc50463ffc584822e984dce56c6892167bbb83788a0a922bb6ac6
- SHA512
  
  23a8ba7f7976d5d9cc912081d85ed2112a770c5b5c442cfa16e8a8d0bbd6c132fceba128edc1558110d577b5827082fed67aa60e0ac938427439c17b129d53bc
- SSDEEP
  
  1536:QF3Kp8N8Y8kdyCbdNiD1QGNTgWxr4b8K+:u3FN8Y8kdyCbdNq1QGRr4wK+
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  !!fUlLSetup_3355_P@ssKeys!!/autocompletion/libraries/libraries~643d02cb5.js
- Size
  
  121KB
- MD5
  
  72e988b1b503061e0d9e753171c35b47
- SHA1
  
  468a20925b4319595d4400337cc859009903fd83
- SHA256
  
  0eae227a4a40d0f88a428a600526205ea8dd3d8eb5f8468ac9f8cee1752ba151
- SHA512
  
  cc168ed46c546e208e0a1d23e713d72416b0912e558134a6ebd229c1c9482b0170c6d604f535fbdb95bdbc007cf8ed5bdfce7d27bbe84e2c5cabc66cff7a48a9
- SSDEEP
  
  1536:O0auuyGWGRS3QZ3EBSLDcNIBmWZGy5Zk0qcBpBlx9l5:XSRS3QZ3EBS7mWxkNcHvn
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

stealcvidarstealer

behavioral2

stealcvidardiscoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32