Extracted

• • Target

    GID Kostenkalkulation.xlsx

  • Size

    18KB

  • MD5

    40924389dc9331074cfefebad5c9d143

  • SHA1

    34452ee0a2fbe130c63986e776b00de4de58036f

  • SHA256

    e0873dd6fa528c110ac90261a7a9e28d93744a6c3d0416b96db0821d5051e3d2

  • SHA512

    2c5a3822d68f852e8a0556d3656e2d678c741f512649a7e4aae91540ad71ce5fd4a43e38458b08f7e14f5fd5bb70268ceb642b46ae03e04683498a33a75c90b3

  • SSDEEP

    384:0PJwxuNNoSWjEKGXa2PAw7bT/52My3YLCoIM+:mJwcNuSzKga2Zb/SILCoB+

  Score

  10^/10

  stealcvidarbootkitdiscoverypersistencespywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1