Extracted

Extracted

• • Target

    b249088b9ed63a8f18fb55fc567742d3dd4422d62c989b2b34c1f65987134269

  • Size

    1.9MB

  • MD5

    92ed84d1d3c6d2ac327b1db563a312d4

  • SHA1

    56515f040716a32e4de45994c02ee30e61bde8d4

  • SHA256

    b249088b9ed63a8f18fb55fc567742d3dd4422d62c989b2b34c1f65987134269

  • SHA512

    1368f89fc6d654ce48ae7294a5c01aeb8d9746df14d9b50e8652e1466c0675bcf58262cd4fe9e14a12eda4410679abb5278e023df5f221dcfcb107ff6b24c933

  • SSDEEP

    24576:n/eC7bzaXi7m0wJu0LXolGLbJnR/z4+EbVbw2qug4ctOlQLernWO:nGYz0P0wMS4cdR/z4+UVi4e9Crn

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2