Extracted

Extracted

• • Target

    d38a9f6ac940fd239ba8bfc7f979d1abf5e7a0b0e2420d077d5daa2a40919a67

  • Size

    1.8MB

  • MD5

    8df7549f7fd2f933c2cdf8b8bbda162b

  • SHA1

    b3b2c29447b00ed84b14a7aad604632543232208

  • SHA256

    d38a9f6ac940fd239ba8bfc7f979d1abf5e7a0b0e2420d077d5daa2a40919a67

  • SHA512

    2060b259c95264f205cd30bf4af94b77f7966df144e1f600f65df5afffd807816ba02f8c35663703e70309ed3279461b6ce216b42fe76142b7639e421f8fccec

  • SSDEEP

    49152:k75B7FDFXb9Ya8aesY3Ot4N7G/IeUAtK:k75RFD/n0etD/INAt

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Detect binaries embedding considerable number of MFA browser extension IDs.

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

  • Detects Windows executables referencing non-Windows User-Agents

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

  • Detects executables containing potential Windows Defender anti-emulation checks

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2