Extracted

Extracted

• • Target

    56ad460c63c005e8049142132ffa08c7c30f2fe9dbd24c60ff746c2e61138495

  • Size

    467KB

  • MD5

    d74e5939e3ad989ab0187c1127f9db3a

  • SHA1

    a2e3697f89cc1c31b4d342dfaddb738f28d420fb

  • SHA256

    56ad460c63c005e8049142132ffa08c7c30f2fe9dbd24c60ff746c2e61138495

  • SHA512

    47824d39685d4b583099bc907881d30736f3a39b7636baf20dab9d480026f87d0b54031fff6ac369bb053f65cfd1f95e83a5a5d0eed84f82c4b1a440f7d6d218

  • SSDEEP

    12288:4w5ZLCWvqJQL9+l9RBG/w/SWFM57OWCd:4w5Z5qJQLwlvOIP0OW

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2