Extracted

• • Target

    4c6b59d26a2a995a788b021f1f30f764.exe

  • Size

    606KB

  • MD5

    4c6b59d26a2a995a788b021f1f30f764

  • SHA1

    b6d94ef132caed5c2b01d7b63a1788647c9a4042

  • SHA256

    0f0da1d14f83ff61c448df9161c01d1ee11cf4dccbbc48df79fff89f2fd18454

  • SHA512

    d429e2166ba853f500d142ee943e72ade83c1ef20522563f911551303b40220821b9c7b73b9124c05b0e116960c90872fbe94cafec3ac8c2eac8a3f344f0c81a

  Score

  10^/10

  vidar1008discoveryspywarestealersuricata

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata

  • suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata

  • Vidar Stealer

    stealer

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2