Extracted

• • Target

    75fcb5d94124e7f3d099d6ac35a1af401bd52d68d6480a231171ae3b4833688a

  • Size

    2.1MB

  • MD5

    e52f5370a68e1ee7b5f24b708924025b

  • SHA1

    bf920f1fe420f1c8dc8dba7112f1b57bf0d6dfb7

  • SHA256

    75fcb5d94124e7f3d099d6ac35a1af401bd52d68d6480a231171ae3b4833688a

  • SHA512

    7a2245652656888ec46a4a081aaa52ca86723b6d251059882b756fd0b7c8b0a576ad29c0b46fe3706a40d680c3940f3cadbd3716de98066b64b0b904fb624286

  • SSDEEP

    49152:B61lu6RZizQwhPuMaWFVCInTda0xW7hl8A:gG6KQwh2Mao9w+W7DZ

  Score

  10^/10

  lgoogloadervidar641downloaderspywarestealer

  • Detects LgoogLoader payload

  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Loads dropped DLL

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1