Extracted

Extracted

• • Target

    65d698600a6c47aa7e648d4464125eab8d722180763ee782e514044a8764f9eb.exe

  • Size

    2.4MB

  • MD5

    5669bb269ef8947834e7be643fa1e6a0

  • SHA1

    aed4f9c99cfb7e30e14be2c614c5fa49decc73cd

  • SHA256

    65d698600a6c47aa7e648d4464125eab8d722180763ee782e514044a8764f9eb

  • SHA512

    736e77f0c0692018918badc09e24adc36e9aa1736f850ad1f1d526aab37c80f032a7d99ab00e86ca79d62ab6137b31a03968188b4b6651e213d451f4beb1408a

  • SSDEEP

    49152:wQc81KnB/a/hNT/ddYa8aesY3Ot4N7G/:wDta/hNT/ddn0etD/

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Detect binaries embedding considerable number of MFA browser extension IDs.

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

  • Detects Windows executables referencing non-Windows User-Agents

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

  • Detects executables containing potential Windows Defender anti-emulation checks

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2