Extracted

Extracted

• • Target

    85dc37f498f535f3b98e1b0b213c671703b093fb1156be730693161f268a599b

  • Size

    1.8MB

  • MD5

    b7a957e443f918c52924b35675267d4c

  • SHA1

    f2fcdba4dc26da2f17633f85d43244c8f473ae40

  • SHA256

    85dc37f498f535f3b98e1b0b213c671703b093fb1156be730693161f268a599b

  • SHA512

    fd67d70b83fdd5d53d223cb232e247ce862b9ca9cabbae4f26637adab0a2310265b8169d5d2b1b71065d95c4096c796dfc0b5f4e259d94eacef01b3f68b6dcb6

  • SSDEEP

    24576:l6z6AnPq5iak02HkPYaOV+rEfv0xwT3zxNOt4XigDSCuptNIeUaKUqm1zE:wer5l4kPYa8aesY3Ot4N7G/IeUAtK

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2