Extracted

Extracted

• • Target

    14970e8dfeec4ff1c9c60d9cea17b84544f7f671d8d9b5c6f17d637fb6f94bd2.exe

  • Size

    580KB

  • MD5

    4ad0164fbb08d546961ed5069c30185a

  • SHA1

    c4f8184106ac9ea7eb1148dd2aa2fbfccd7c8d3e

  • SHA256

    14970e8dfeec4ff1c9c60d9cea17b84544f7f671d8d9b5c6f17d637fb6f94bd2

  • SHA512

    ef86d237a3ae15bf19887b3e2fdc53647527b9ebcd582879ad3611fcd5cb269f83fd87bb002108aff1d57c0a693cc70c137ad2bc66ad2a4047e3fbcbe2bed844

  • SSDEEP

    12288:OKHCYvQ2v9et3Ao3UfYYJOsrf/YHu4HoT6YoCMSOblBrKA:OKZvQalo3UZJOPO4u6YFOZ95

  Score

  10^/10

  lummavidarcredential_accessdiscoveryspywarestealer

  • Detect Vidar Stealer

    stealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2