Extracted

• • Target

    4b0f1dbbf3b6e1c86adcd457de849ae63428dab2f036562b2b209098e11ff19b

  • Size

    2.2MB

  • MD5

    a66510c5b83999a9278a4273bf9a5897

  • SHA1

    8fef14bcf1a18069b1131b9f9117265bcaa837c2

  • SHA256

    4b0f1dbbf3b6e1c86adcd457de849ae63428dab2f036562b2b209098e11ff19b

  • SHA512

    05024b5b4b064e8588bda444af895c81e7b46ad03f81d8b3e3f9bb79da4259e98bddee2dfa880e260b143d54f2424a211983d8e47bd2d92aedae69f14f52f344

  • SSDEEP

    49152:qpjNvr9ySAOmw41HHO+SASagXkJr4MDkUwm:qpjNp7p41HH8n5A

  Score

  10^/10

  stealcvidardiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2