Extracted

• • Target

    48ac733e00c61226d506c26f12f6fdec6b67f3dd0a9f3a5dc6720c4096f8c0c8.exe

  • Size

    1.3MB

  • MD5

    8f13e73a3c7d22ee7c1730cf8821f7ac

  • SHA1

    25858c26c6b10cd55a2f388fcc9325eb8ee75a00

  • SHA256

    48ac733e00c61226d506c26f12f6fdec6b67f3dd0a9f3a5dc6720c4096f8c0c8

  • SHA512

    6c8e22f964551c80cd812ca58024ed9c3440510cfa5369308c450599feb533fd14a667a872b39b9bfdec3ec69a815ba0998e11c4fbf73edad3d5e938f9388e81

  • SSDEEP

    24576:49U8qvoywyFnBcbOag/NDV4poKsYbe8QaqLhc88HbAw5MfPlB4T5N71xwm:4m8qvoypnBcbOag/QoPYbe8Qw8fwGHlk

  Score

  10^/10

  vidar91ac6183dbe67a7c09b11e88fb5493b8credential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2