General

  • Target: efa9c92c5e7d0608cee15af285a48d5a6a8b7bff95c26287f611f3a5bba9e0c1

  • Size: 2.0MB

  • Sample: 240522-l1z46sbc36

  • MD5: 19744978fe9f7728f71e0fc7b445a0f6

  • SHA1: 53eb2f859a57a4d82c26a1572c78088428fd60ba

  • SHA256: efa9c92c5e7d0608cee15af285a48d5a6a8b7bff95c26287f611f3a5bba9e0c1

  • SHA512: 315f983d4529a5e8e042a5f9ea62be6605e411a0e1e006c639c11998a9aea74df8523a9ad4754ba67628b6e8c5c03f9ccc97730c8cfa5613961e702cbe8c2153

  • SSDEEP: 49152:IFno/jfsJtTF+TxMoxc1TU+j+dAzGkiT:IFno/jEtIuoITsdZT

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Detect binaries embedding a considerable number of MFA browser extension IDs.

    • Detect binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

    • Detects executables containing potential Windows Defender anti-emulation checks

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks