stealc

Sharing

Copy URL

Twitter E-mail

General

Target

c5f20b0cb835adff91c281ba3e9995e3.bin
Size

2.9MB
Sample

240702-cbc4nswarm
MD5

24178e2f2330267bddfc8e24c8713aab
SHA1

eaa4ea52bac900576557a7cb788f5e63c54765b0
SHA256

8547b27fa35d4b4bb7d02cd3a7115df1b34b7030ceb27aabb762ec904b2a00d8
SHA512

d5c3e428709820d8db15dd124d4131fef65b78f9fd23a096f35b8f9d8240ec6138cbb3f15c9bd94f5914c6992c3a72aa13343dfcbd66c4fc624e8d331333a277
SSDEEP

49152:zXNA93uqG1D8Iw7C6TzFzmdv08zsSBx2cCid975bBEHfggyONoeZtSYGXMlebBPB:zXND1aTzFy4rcCid9Q/g3OieZtSYGXAa

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b.exe
- Size
  
  4.4MB
- MD5
  
  c5f20b0cb835adff91c281ba3e9995e3
- SHA1
  
  b7edfc4fb9befe9acf241e423741e27d68dfd832
- SHA256
  
  416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
- SHA512
  
  233587e39de30cfa0a9526fb041f9c9c70a1e7574e8bd8d934f7b795f3eff2a8aa8e98f20a7fcb06f00c85c233461d56bbabb4bba39c1ac4869839e3f0022678
- SSDEEP
  
  49152:e+PcYB/o36ki63Hw4/uzcdl3ne2xAOVmmgZV099snm9pswB0Nq7:tPcYB/y6ki6PnuwT06sajB0Nq7
Score

10^/10

stealc vidar spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2