General
-
Target
6320d63025e1764e578680e24906def3.bin
-
Size
3.3MB
-
Sample
240701-cgr5sawdrp
-
MD5
858f9c4b43cb0af1d5294db20dd2e90a
-
SHA1
82363c30f1cb0b08aaac005ad3c98e4ac0b39d4a
-
SHA256
adef8bc5227bb4397214ad83610d98a9dc5d3543d8a4f214d71a00b79717c488
-
SHA512
0b2934ecb0a3c9e77e39adb3abbb2df76802b9bb24f0d3842cfb476867f37de8b2abc7f02a88077ec03f63beaecc0982c8061ddc5f49c8289c99ebf2a9e0c199
-
SSDEEP
98304:aLYavnolmAIE/3hiEOGtd5I0otiMIcCvEwmO:e5vY4E/3UEOsdctcvfmO
Malware Config
Extracted
vidar
https://t.me/g067n
https://steamcommunity.com/profiles/76561199707802586
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
Extracted
lumma
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Targets
-
-
Target
d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0.exe
-
Size
4.7MB
-
MD5
6320d63025e1764e578680e24906def3
-
SHA1
b452cb8f5fe2b5683b8ea94b90c5d3f415e53832
-
SHA256
d4b22461e379bba07e2e2f6cf1833884c0ff656b84afdd3b2284be856f598ae0
-
SHA512
f75d2700fafea373de7f2c4131a650128d38146ef8fd7edef0c186ce3ebc1fb51b116f91596891d68f893a56b30e14035e565a55d0e5d228462c9e3e7a68dc51
-
SSDEEP
98304:KjG9asZlqf3mTJBMAxu8l+yzWCdlPtclKfWN6D:KjGgsZlqvmT8wu8lZWCzo+
Score10/10-
Detect Vidar Stealer
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Stealc
Stealc is an infostealer written in C++.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-