Extracted

• • Target

    file.exe

  • Size

    891KB

  • MD5

    2f5226b4116ce79afb6dcb32fa647954

  • SHA1

    15f395c9a4a894a660d318a6779094d311f0a1f7

  • SHA256

    8febc589fc4de7b009d3e406fddba66e389d5544bc5fad44d03f712ebf6c2bfa

  • SHA512

    7fe94c2adf2d5526a9798b1fddf62984b49787b5c0ed2e9ef2aeb765ba9922ecda8d71fe7966452b3e84a4b84e37096f5dd9c0e700f99dc94fe5d261c36c1013

  • SSDEEP

    24576:tEbCyouWvEBYeO3QnE4t4BVb5iaSHLKvm+pq6GabL8Z:2WpM4apHLCm+M6l/o

  Score

  10^/10

  vidar283e465e3e8feb6cb806690b98c9bf31credential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2