Extracted

• • Target

    SЕTUР.zip

  • Size

    25.5MB

  • MD5

    3697ea05326b5c7dd52d39510b7bb280

  • SHA1

    9fcdc9086ddc0597413087f9b5078df74d862e01

  • SHA256

    a172d2eecf4fa798e6e42f72f463e47a43c3737d4b5ada747664144e64230d27

  • SHA512

    31da52ba35369fc0f50bebe747efa45cace3d255aebd0b07862d7b3e678dd7cfd88f2da625c848ca30955cd529195a5a2937e2682d6d1a2cf15a6c076473cb31

  • SSDEEP

    786432:2MxTx6W7xic7aMqojx8Qlqmlb0/pOeN3jvon2c:20TxP7laEnlqy4/UeNzAn2c

  Score

  1^/10
  behavioral1behavioral2

• • Target

    Setup3.exe

  • Size

    726.2MB

  • MD5

    dc32b577bd2af8245c7e3bfb42afd085

  • SHA1

    5b6135f41e2505bc1316886a20c75655d000b8a8

  • SHA256

    c8ce04c2437439769b3958e254634a090ab2ff8f9de3d07153de195880d5f49c

  • SHA512

    08b3d2fd40cf88dd0ff6be20fd94d69891c995efcef5cc437a805932db67e4ef7b0eddef9c506d8f13a815b906c637c77b3e4afc13fff4b8a71eee861d9a5a54

  • SSDEEP

    196608:VmtPPHA+LH3uUyVk/VZt5jSjNa9iVM6V4v7vmJVC:VmtPoqeUTjjtVvZ

  Score

  10^/10

  vidar670discoverypersistencespywarestealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral3behavioral4