Extracted

Extracted

• • Target

    7156eced6e11b462d4f1a3d6a55be4d68905c388d6be870c8e174b61ff30cdf1

  • Size

    2.9MB

  • MD5

    3f28e17012cb2f83025a7b4e163d3c1e

  • SHA1

    6d883768fbf3e5a0675815e8063e8b7909015b67

  • SHA256

    7156eced6e11b462d4f1a3d6a55be4d68905c388d6be870c8e174b61ff30cdf1

  • SHA512

    cb85b0cd141789e13ee6c60e676106155e349c3e85309602a3439e625f66cfa3c1f11587307e0fe620caf82000d9eec8c7e763e4ac81a8f19fac2cfe6e631439

  • SSDEEP

    49152:rtpSxptE1AKnCBMS4cdR/z4+UVi4e9Crn:r/4nE1dCmKxx4e9Cb

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Detect binaries embedding considerable number of MFA browser extension IDs.

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

  • Detects Windows executables referencing non-Windows User-Agents

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

  • Detects executables containing potential Windows Defender anti-emulation checks

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2