Extracted

Extracted

• • Target

    bf34325a650f4d90b01e9d7edd833c7d0d379de58c39dab8fbb4e569186d716c

  • Size

    2.0MB

  • MD5

    8fdbae58a20ed5349b9ca0636cd5a77a

  • SHA1

    b341962a6befd6e9866361700dfd1081e24be17e

  • SHA256

    bf34325a650f4d90b01e9d7edd833c7d0d379de58c39dab8fbb4e569186d716c

  • SHA512

    91db049085430cb663a6f8f6e60f19cd783479851927e7aec4f0c5a6db26bfac35d48a32bc7b20435f0a26b521245c90f4803985fa842cf36b6e6ea821e710c8

  • SSDEEP

    49152:s4K3x1vUKJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18KtIuoITsdZ

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2