Extracted

• • Target

    b4b36bcff73973cd1cf3f387838acd93_JaffaCakes118

  • Size

    546KB

  • MD5

    b4b36bcff73973cd1cf3f387838acd93

  • SHA1

    e3be922b7e4d2781bbc1e87cce48c91a48e1c193

  • SHA256

    e65b9d74bacfd8e536b79d48af1481ad77f6c0fe7465af333fff704b2b367c03

  • SHA512

    5810f41dffb63494bd1fd9bbba24d1009e81b79ed8a914d9a5ead21c29f4318e547cab343d6e43968edb444e453a9d8db6e9ca4b293329ca8952349dd10caeca

  • SSDEEP

    12288:pF+0XfCwKe2zf//YqciLbp6KWqQCapbrZEhcZ:H+uDYLbpttAhE

  Score

  10^/10

  vidar240discoveryspywarestealerupx

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar Stealer

    stealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2