Extracted

• • Target

    e79b5c3bd34c9a760695a543fde2455d4c21187705cb0f6bceb11e64a9705673

  • Size

    2.1MB

  • MD5

    f39dcdd9393660d9b67580aac9c7561f

  • SHA1

    d489da27d4e8d71210fc098a7e0071f364739e60

  • SHA256

    e79b5c3bd34c9a760695a543fde2455d4c21187705cb0f6bceb11e64a9705673

  • SHA512

    ca77b538f47a75e2616700cc6b51855ad8c0e2739fef2158b50fd6799d35a7c98a3271bbc883c6d67136b43782badb251a4f4f331acc112edcf91b8c653a44e6

  • SSDEEP

    24576:cC/gyrgOo5VvmUfq+Zc1Fsuqf9sPUfMxVVtes12FxwojKr98YGeGGHzqqikY+rPN:c3xbZcjHPUkxVVChjHZQHzqZ+rPlV

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2