stealc | bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98 | Triage

Submit
Reports

Overview

overview

Static

static

3

bf424f7a51...98.exe

windows7-x64

bf424f7a51...98.exe

windows10-2004-x64

Sharing

General

Target

bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98
Size

2.2MB
Sample

240630-dfrcjawfjj
MD5

fe22582c7e3185ada02dd84217bf3adc
SHA1

a839396ac636ca2d7d7fc9d17942e65e281ca9fa
SHA256

bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98
SHA512

3707b4f07c48548f349992405d76323ed8fc02189f4d5401930d65ea285f609943ad8cb5de9431eb6235ac29dbf543bce76293dbb9a187c105613b00ccb3dd02
SSDEEP

49152:qpjNvr9ySAOmw4VHHO+SASagXkJr4MDkUwm:qpjNp7p4VHH8n5A

Score

10^/10

stealc vidar discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98.exe

Resource

win7-20240611-en

stealc vidar discovery spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98.exe

Resource

win10v2004-20240226-en

stealc vidar discovery spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98
- Size
  
  2.2MB
- MD5
  
  fe22582c7e3185ada02dd84217bf3adc
- SHA1
  
  a839396ac636ca2d7d7fc9d17942e65e281ca9fa
- SHA256
  
  bf424f7a51514c455568df41d22c5a0749c2e8ac08df15312c71d627ff384b98
- SHA512
  
  3707b4f07c48548f349992405d76323ed8fc02189f4d5401930d65ea285f609943ad8cb5de9431eb6235ac29dbf543bce76293dbb9a187c105613b00ccb3dd02
- SSDEEP
  
  49152:qpjNvr9ySAOmw4VHHO+SASagXkJr4MDkUwm:qpjNp7p4VHH8n5A
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealcvidardiscoveryspywarestealer

behavioral2

stealcvidardiscoveryspywarestealer

© 2018-2024

Terms | Privacy