Extracted

Extracted

• • Target

    2d8ac06089e00606827988aab8414132fe38aa589292e3904c13f5e353d0f234

  • Size

    2.1MB

  • MD5

    57e1edf25103106118cb30021e717058

  • SHA1

    4ce2e87e797d266b727bc5c844dfc23494065435

  • SHA256

    2d8ac06089e00606827988aab8414132fe38aa589292e3904c13f5e353d0f234

  • SHA512

    f588ce1b99eeed38cc8d5cf4bf0cb767000b6865ab4f29661bb83bf6e1b577f524d192c84ce089a447d00aaed22f24339e36fd4cb8ed7fdf36232e0fc5868331

  • SSDEEP

    24576:Ub4m+sws1qLVNMIlJl6DRKbAlcNRfCKFUfMxVVtes12FxwojKr98YGeGG9iO:UZXOjt6DuAwCKFUkxVVChjHZQs

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2