Extracted

Extracted

• • Target

    9e950b2f1d69c52de09b54f2f9695932a1ea96e2daf258c9c1929b4624458529

  • Size

    551KB

  • MD5

    8aa1900ec791ea1de1e574bac382bf47

  • SHA1

    c884b5b61adbda8ebcf18b0f5eed07f7fa8b5bc0

  • SHA256

    9e950b2f1d69c52de09b54f2f9695932a1ea96e2daf258c9c1929b4624458529

  • SHA512

    563d2407abf4cbf772c5278c23cdf671f44fc1c2ada132a22f6da13e42b89ce2aa57a22f7fc95d82f779d71090596d280a814993f2e743e370fbbbd1d5f516b9

  • SSDEEP

    12288:7KzXYJTVvyjGrrMavTlMPBM08wLgoxcjDo+SpN/EAEsP:7sCVDEoTaPv3lSf2NN

  Score

  10^/10

  lummavidarcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2