General

  • Target

    b0c8bd4c3d747e84bd46e8d5167b9263_JaffaCakes118

  • Size

    467KB

  • Sample

    240615-3zmacstgrk

  • MD5

    b0c8bd4c3d747e84bd46e8d5167b9263

  • SHA1

    b9b925625bb047dc7a39978bd2c4f70160452b47

  • SHA256

    223ebb84039eb0a3bb87f74bd35e5bd065c3cb508f381f085f9b43d33fc497a1

  • SHA512

    abca53391d8067f565f1b80e3e550a1d4709abc509c377a1486ec2481cbcf14539782abb88b5a461374f18d5b2b2cd81b2f0acb245755451503e6d34ec06675e

  • SSDEEP

    12288:mSwV/kMfszWNDSUZx8m5wyhcvBpXCXX+VaQj:9mcMDDSUZem5ADau

Malware Config

Extracted

Family

vidar

Version

31.8

Botnet

517

C2

http://resortbooking.ac.ug/

Attributes

  • profile_id

    517

Targets

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
