General
-
Target
TradingView_Desktop_(password_github).zip
-
Size
128.5MB
-
Sample
240630-wpsaasvepj
-
MD5
14dafba5adfb86fe1253b86233e649fa
-
SHA1
b48952fc21a102f643a3a13e08573895a0acb508
-
SHA256
d5859d9a88162423e1cc673f660859b8d28a1bc90043a29cef82a60b6575b98b
-
SHA512
8311ead5d1fa4de5b5b4c383f0d55c5db29cab2193351f9484f93d603883d41590564779e6330e6be0f7dade59384313e941aefe9abe44b58ce43b940856b5a6
-
SSDEEP
3145728:XsHt5XotRyPwBqxVrCRrrm6660K0JNBehJTOP:XCvXq/QVmJrn6XtZeJq
Malware Config
Targets
-
-
Target
DAC/bin/SqlPackage.exe
-
Size
89KB
-
MD5
bc23d166645b4b3aae2c197f7267ed89
-
SHA1
4141dd81b6e23246797e0081b2174b87b6a3d498
-
SHA256
8a29cbbbf112c486f1feb29fd5a1d86bd0a4fb5682ef8600e53f5e83eda0c1a0
-
SHA512
e9d1cbaffb4e9d30ece55a84ff85f06b99c0a3f15b9efcdc1aafde87e65c203aef4ca9ca91b9f77baddd8b416c74fc725c598b3e0679d552b44fe2555c84f759
-
SSDEEP
1536:0XpFdiPzNGAkI2nDVlWqw/Aj0Ivq5iAVO40MTRuVnnhTzLncDS6F5w:05FdiPzNKDV0qdq5iIf0MTRuVnhTzLnX
Score1/10 -
-
-
Target
TradingView Desktop.exe
-
Size
779.2MB
-
MD5
e8fa1288bb7eeee03e51848faf7a5677
-
SHA1
17b3b9b521eae0935aa427ace0c273f3df733030
-
SHA256
5cc8741c9ab6011c21e2f485ee33e88d19954aa579dc0be2c64592c5392cbb05
-
SHA512
75aea3e803dfb34a8856204419742599b9411342ca7adf206126f4cc06c8e434764bdacaa33f353597e194799870adbbb4924dc17deee6f3c9cdce12bc67e140
-
SSDEEP
196608:nxO95CWNPkUhRJZPeKXXRWJbZd5d1dvbEGe5m+LjO:xSCWpJZPrnRWJFd5ndTEhjO
Score10/10-
Detect Vidar Stealer
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-