Extracted

• • Target

    cfed0ad471220f67dade90cc71116553fa4e84cbf67ee11abd74328b177d1686

  • Size

    1.8MB

  • MD5

    2eb94c7bd61cf672761f77cff7f3d1df

  • SHA1

    e108ae6cd341a6e5efc6c4ef4343942402407e9a

  • SHA256

    cfed0ad471220f67dade90cc71116553fa4e84cbf67ee11abd74328b177d1686

  • SHA512

    609b733dda18a0b0aa234b38817827e3457842ecd5cc35473f50ce99d0aafbf8bc66df3363fa9dc7cd1f3177a4a19069bebc4a9d24ad644878a2f53349a81ea0

  • SSDEEP

    24576:FBfuZfeq6s5O6hTdtTF+TxMoxQH1Tj4wtjYZH1DmoYYzi3WH45yv+OueSJhm9e:F7qFjJtTF+TxMoxc1TU+j+dAzGwlrh

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2