Extracted

Extracted

• • Target

    30e9e09bd6c6ad28f7f17b5740d3616ccbd0bfd804241215ee2f84a2823db9aa

  • Size

    1.6MB

  • MD5

    ddb7767617a151619ab19d9b07adfe4f

  • SHA1

    6373a2549dd3fe3044af729a1ad02d7fa15737a2

  • SHA256

    30e9e09bd6c6ad28f7f17b5740d3616ccbd0bfd804241215ee2f84a2823db9aa

  • SHA512

    3e5b949f224e67e18866ae57fa4a743193073cc695339d57da98cb755f1ce843c357059ecf03438a031ff575ec8ca9b2c306a98a0269e57bd6fbbb0e3d1acab2

  • SSDEEP

    24576:spM5863IGfTAVpalByUfMxVVtes12FxwojKr98YGeGG9i:spQLYkTYp6ByUkxVVChjHZQs

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2