stealc

Sharing

Copy URL

Twitter E-mail

General

Target

f61a6938815354d7f5df5fba81cb5626991a100a3275aab1eba37abd0aa12a86
Size

1.6MB
Sample

240701-1f6hsa1dra
MD5

abab70683b8e44e8ba6bda544a8644f0
SHA1

9278cd5ce651e61ea88ddc39e9a6eefa854d8a24
SHA256

f61a6938815354d7f5df5fba81cb5626991a100a3275aab1eba37abd0aa12a86
SHA512

01af958c43358fcb95951612d2265cb5680ad480c696dd0951d455b00e86e44e1a1ad6cdec16f58f78a207a4971c629b7ea8a5531810b65938006befa51cb9c8
SSDEEP

24576:T16dvdD4B0+lF0U2MZQti1u8LnsDJY6WpEYGYPORL4UjqmiIS5BxxK:T1Km2Or21tuuIeNHYGY0LzjsJxK

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  f61a6938815354d7f5df5fba81cb5626991a100a3275aab1eba37abd0aa12a86
- Size
  
  1.6MB
- MD5
  
  abab70683b8e44e8ba6bda544a8644f0
- SHA1
  
  9278cd5ce651e61ea88ddc39e9a6eefa854d8a24
- SHA256
  
  f61a6938815354d7f5df5fba81cb5626991a100a3275aab1eba37abd0aa12a86
- SHA512
  
  01af958c43358fcb95951612d2265cb5680ad480c696dd0951d455b00e86e44e1a1ad6cdec16f58f78a207a4971c629b7ea8a5531810b65938006befa51cb9c8
- SSDEEP
  
  24576:T16dvdD4B0+lF0U2MZQti1u8LnsDJY6WpEYGYPORL4UjqmiIS5BxxK:T1Km2Or21tuuIeNHYGY0LzjsJxK
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Executes dropped EXE

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2