Extracted

• • Target

    27b09d28b14450afa2eb62e69693e76798baa117b62050051c92d1c7adad2bb6

  • Size

    2.0MB

  • MD5

    520b1f26bacee0337d665f94764cf822

  • SHA1

    daf8b72ea5ad4b999057b4e2a6ee2f46932770ee

  • SHA256

    27b09d28b14450afa2eb62e69693e76798baa117b62050051c92d1c7adad2bb6

  • SHA512

    fde5290586e158491e0dce617fe6b65a510f5e40485d3a821a8f48cd0b8439a4ffcc09c4be76e32e0d9c98e7987f8452dc5d3bc152a4620443b6b259db17fa53

  • SSDEEP

    49152:IFno/jfIJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jgtIuoITsdZT

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2