Extracted

• • Target

    file.exe

  • Size

    403KB

  • MD5

    1992187cfdd036a0eecb8f5ca9340cc0

  • SHA1

    0aac664d9c06f47a970f88389401a14705337121

  • SHA256

    3a82cb00938ffbdf09c91c39120f57054df7573950701ce8be86aec0342bc1b5

  • SHA512

    37651fc773621566790569ec76af4a7e66f50472a7be6ba11575592514e0d11f4ff8cc1c83c5d3ebcde3c15ef942becbb8e71f763398fd5ffaa74c78a0379b92

  • SSDEEP

    12288:9TF2nYPwGYGzePmnWkMkBR0pwvxT613EO:9TF2YPwGleYMkBRVZ6Rt

  Score

  10^/10

  vidar4b74261d834413e886f920a1e9dc5b33credential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2