Extracted

• • Target

    f4974a20ba2cd22cb9069aac0d337136.exe

  • Size

    805KB

  • MD5

    f4974a20ba2cd22cb9069aac0d337136

  • SHA1

    07a4fa031c12d8f902a77ce5c8b673112a27379d

  • SHA256

    e4f7ecadb3b2aac68217ff1676cd124bd315f7c3b6c75bd10f5073bb3a8ff878

  • SHA512

    ccf5c947421fa54d02ae81054b0d6f664661f5c2b031b567c73d7270eda74c729c6815105e554b0d1632051f73c71e01fe1bbe92183ab20f16d7d58e4860311d

  • SSDEEP

    3072:+ahKyd2n31G5eV1sK8eU2jBoksuDi4no6LOFhF8T:+ahOPV

  Score

  10^/10

  persistencevidar811spywarestealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2