Extracted

Extracted

• • Target

    e3b871e31ef76c78ddac595697fa6c6a50c08922ff34474c3d59424dc6aa5b44

  • Size

    2.4MB

  • MD5

    ced85a6412ebb3be73450876217cc0e9

  • SHA1

    3021de76e3f6b8b62a9805d532fc1ff3e3716850

  • SHA256

    e3b871e31ef76c78ddac595697fa6c6a50c08922ff34474c3d59424dc6aa5b44

  • SHA512

    281c894f2c0d567874d039efe9891e408d0fe48571a58e97aa631f13c31364f45094cb93dfaa4d50eccf90223cd8e7df9eb3ef5a1b8f9be16ef313c254a3b3d6

  • SSDEEP

    49152:L78Cw52xsz+0IsEAQACR07Q3byRD8aXY658:g52xsz+0IfAw07QLyLn

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2