Extracted

Extracted

• • Target

    3c928e441fd16ef9af076b1a33fd388ce3e653b53ad4de26dd5603c2695409f6

  • Size

    1.9MB

  • MD5

    33c9d34f742899c5426f74921663911d

  • SHA1

    85b0bd8fdf2e4ae6f6a3e31ea9bc8de8f0f6172e

  • SHA256

    3c928e441fd16ef9af076b1a33fd388ce3e653b53ad4de26dd5603c2695409f6

  • SHA512

    902c4a322b6d40a3ad8c1eca845c9256121304a24f68e12456c228cdf6a99dad8e8e1c8e0561a8c6ad56b8032696b68e3d6fc70c6d286a8524d8943dbbafd4ee

  • SSDEEP

    24576:n/eC7bzaXi7m0gJu0LXolGLbJnR/z4+EbVbw2qug4ctOlQLernWO:nGYz0P0gMS4cdR/z4+UVi4e9Crn

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2