Extracted

• • Target

    47257567cb272a046cdca7596367b2f2.exe

  • Size

    374KB

  • MD5

    47257567cb272a046cdca7596367b2f2

  • SHA1

    5258ff1376974f62ee35f34425df29a4aae80d98

  • SHA256

    dade5b7aa50e2e1df254ae9c8b70f59cfa6c47889bc1cb3ff722620b367fde60

  • SHA512

    61a98897a22ea5b3ba4dc251476044d7055a87d640361ff67f639e3089a088cd8c57e9d9d4cd7a3fdefd93002687b9dbe4fdca41370f0ff1415f49b18a02f441

  • SSDEEP

    6144:4XJ936eafA9hW5zW2qJMHUYM+fS1v6kkuzbgwuix26wVf:4XJd6K9hWtr0YZ5unnc

  Score

  10^/10

  vidar517discoveryspywarestealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2