Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    7811c8e24019a783e1c72e7eeb58215f

  • SHA1

    d21422ed627d291a80e08fa77d3cfc126e94d4cc

  • SHA256

    b70354fa72344ed5262ef55243ab71e20149fcd87ec772b4b77ea44c93ff79b8

  • SHA512

    1f6299d5df5fa6c59f5cefe1a4b64e19511e5308c82d279d237bf1d6492fcc7e01eff349382c9dfddaf51e01f55d735849c6ba351f86a4fa437dae811efbcf10

  • SSDEEP

    24576:IzYyxHFKIlJX0oXMAsksIyESF/PvWGS5JcT1pWNpFj6zpe3rNNyJfOxmsAYQCOUO:+YyjxM3kMF/Eb+o3QYQJURnCyZrxS

  Score

  10^/10

  lgoogloadervidarba1fc89d9f7df84dadf34886aabb246cdownloaderspywarestealer

  • Detects LgoogLoader payload

  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Loads dropped DLL

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2