Extracted

Extracted

• • Target

    1c9264473281f0d5144912a8c05d803697c7da8707cd5607017e6936d2fa1588.xll

  • Size

    718KB

  • MD5

    11f82e84e17670912b1f93c827ed7f35

  • SHA1

    d5f4e666ca2b2cab3451ff784659cc22b4957a49

  • SHA256

    1c9264473281f0d5144912a8c05d803697c7da8707cd5607017e6936d2fa1588

  • SHA512

    ef57cb2d05947dbdaa1bb561e58cc8248a3a13c6484017df2b074b9170c2f296a0c063d5252190662e669035ba885fea946734e452805770a66c9c510f2df914

  • SSDEEP

    12288:5n/zDvGHAykHSzLW/4+8bzbBSreMdCQ4gLuUkvSK/7gFK/UqW53:dzbGHAzHAjX1yq3vSK/rcL

  Score

  10^/10

  vidare37abeff0df24a473dacaf8467d6fa48stealer

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2