Extracted

• • Target

    setupfileapplication_v3.5.exe

  • Size

    719.4MB

  • MD5

    9166bb6eddddffdd50181010feccbdce

  • SHA1

    abc3d0828b1658704ffc7aed1184622892a460b5

  • SHA256

    76158b10a1015ceaaf37fa9bb1aa9a7ff4b7e366f6d833fcffbafd2904241833

  • SHA512

    d00f7dbc1ddfcfc29d1b234b42708642f9e1f874c3c1f0aa54561482e5df20d8bb98080eec7ff09d6a9c621dcbe243e5d1a99499835c9f2a3164893abaef0d51

  • SSDEEP

    12288:0QhQ2qIIkRx61KGXVCwlcAV7MpGxIZCdwDDx+6wNKMul0nQZpvMTM2qtI0qp/xPY:phQc61Y80c68T1q

  Score

  10^/10

  vidar754spywarestealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1