Extracted

• • Target

    aa12ad772adf47f16f71cd07714ee02ed1fddab1fa80551d6dbc5d50589aebfc

  • Size

    661KB

  • MD5

    78c06b9a03f2d8fcb86e7e0a8cedb5da

  • SHA1

    2f44713c28754eeef871ccbbd9e8784dd145d5f8

  • SHA256

    aa12ad772adf47f16f71cd07714ee02ed1fddab1fa80551d6dbc5d50589aebfc

  • SHA512

    7e9447aa24927deeb094c0211b1cd0302bf3479e53ac225e8c4fb9bc68905ae645b3ce3e11cad2b9c54a5811f2615235bff2ce00d1b0b328ae532fda9720c771

  Score

  10^/10

  vidar937discoveryspywarestealersuricata

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata

  • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata

  • Vidar Stealer

    stealer

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1