Extracted

• • Target

    setups.exe

  • Size

    389.1MB

  • MD5

    c2e942fb09a439c3a2687e6b389c9251

  • SHA1

    d5e1230a1c965da0a907557258da95e27bc8ec00

  • SHA256

    8b277cc1f2ec679a58204383a4a88513878377f8cdee4a1e4a7edfb7e98527cc

  • SHA512

    708a44c6cd745fdc8be6ff9478c66ac98e19d167bd8caea7551843211d0d2dc3e5fab1833f386787103a16dc756820c7019a85397beab6aebe53b25574e7fcee

  Score

  10^/10

  vidar1281discoveryevasionspywarestealersuricatathemidatrojan

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

    suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

    suricata

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Vidar Stealer

    stealer

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2