Extracted

Extracted

• • Target

    16385329f031093c70f63f55d0a636698a7aada08c84cd13a1511ba65a5fc6b6.exe

  • Size

    2.4MB

  • MD5

    a2a4b134591ef73161ce1e353605e858

  • SHA1

    9b4475a651023d26d35fe3980c9f4129b60e5f69

  • SHA256

    16385329f031093c70f63f55d0a636698a7aada08c84cd13a1511ba65a5fc6b6

  • SHA512

    15d19bd23784f519a6111a1960042fdf5f033fcb7ba54d1ce4c220129edb65da61a77fdbcf63148faa0971c1b25a7ca6bbe6b54ee17c3b08db3082c8e807f8a2

  • SSDEEP

    49152:jxIRJF1HL+VdX68kUmJtTF+TxMoxc1TU+j+dAzGwlrh:jEJF16dX68dmtIuoITsdZ

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2