Extracted

• • Target

    f025d3580288f938e2fabb4ee186c4bd318aaace33cf54ff11e1aec088ecf24c

  • Size

    2.1MB

  • MD5

    5869684dd1c4290217e92a9b05c522cd

  • SHA1

    b0f0fe99956affc2b9f16191de0e02d4ec80c9b6

  • SHA256

    f025d3580288f938e2fabb4ee186c4bd318aaace33cf54ff11e1aec088ecf24c

  • SHA512

    87c93a261b3e5fc89189f3c98967efa2e66a1efd9391407874f1c6746f451143fc578c8d7cdc8ac28ba5737122a38f69af03720173d620f13a201df39ee75f14

  • SSDEEP

    49152:N6uDuaS9refa4JtTF+TxMoxc1TU+j+dAzGwlrh:N6uKb9f4tIuoITsdZ

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2